tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Strauch" <way...@web.de>
Subject yet another SSL question
Date Fri, 05 Jan 2007 23:18:02 GMT
Hello world!

My problem :

I want some of my servlets to be accessible only when HTTPS is used:
    https:/<path to servlet> succeeds
    http:/<path to servlet> gives an error

The first step seems to work, but when i have logged in into the secure area,
load a page using https, delete the "s" and reload, the page is also loaded.

How do i block the unsecured reload?

I tried some of the hints for JSPs, but they seem not to work with servlets.

My web.xml:

<web-app>
        <servlet>
                <servlet-name>myServlet</servlet-name>
                <servlet-class>myServlet</servlet-class>
        </servlet>
            ... more servlets...
        <servlet-mapping>
                <servlet-name>myServlet</servlet-name>
                <url-pattern>path to myServlet</url-pattern>
        </servlet-mapping>
        ... more servlets...
</web-app>

What security-constraints do i need, and where do i have to put them?

Thank you 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message