tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: from https to http?
Date Thu, 04 Jan 2007 13:45:33 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pablo,

John Doe wrote:
> Thanks a lot by the explanation. Looks like Tomcat (or maybe the
> "Servlet specification"?) needs a mechanism to switch from https to
> http when this access is declared by a <security-constrains> otherwise
> is forcing programmers to always use programmatic security to made this
> switch

It isn't Tomcat's job to guess when you want to go back to http, it's
yours. It isn't very difficult to build a complete URL (including
protocol) for a link. I would imagine that you have very few places in
your application where you need to:

1. Switch from HTTP to HTTPS
and
2. Switch from HTTPS to HTTP

I recommend that you treat those as special cases and hand-code them as
appropriate.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFnQT89CaO5/Lv0PARAgrAAJ9mC1jWsr5rYmD7El+d6OGO3rIJzACeOiN2
D2fSjZ+YlIfUXzaXatPV0Kg=
=mxZ3
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message