tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Strauch" <>
Subject yet another SSL question
Date Fri, 05 Jan 2007 23:18:02 GMT
Hello world!

My problem :

I want some of my servlets to be accessible only when HTTPS is used:
    https:/<path to servlet> succeeds
    http:/<path to servlet> gives an error

The first step seems to work, but when i have logged in into the secure area,
load a page using https, delete the "s" and reload, the page is also loaded.

How do i block the unsecured reload?

I tried some of the hints for JSPs, but they seem not to work with servlets.

My web.xml:

            ... more servlets...
                <url-pattern>path to myServlet</url-pattern>
        ... more servlets...

What security-constraints do i need, and where do i have to put them?

Thank you 

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message