tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Brown" <>
Subject Re: How to use https together with http
Date Fri, 01 Feb 2008 12:54:58 GMT
Hello Dave, in the future reply with more info and you will get better help. I will put an
example at the bottom. I'm an old-school JSP guy and not a JSF guy but I understand that JSF
files still end in (dot).jsp? If I'm right then the rules should apply where a security constraint
is defined. You will have to use a <realm>. The Tomcat default install comes with an
example that does this in server.xml. Use a JAAS realm or a LDAP realm for FORM based security.


The path to your confidential pages need to be defined here.

The warning comes (especially I.E.) because you do not have a CA CERT for ssl. You can generate
your own CERT with the gentool. Again, the Tomat doco is your starting point: 


Performance: JSF is about 50 to 500 times slower than JSP. See:

OS: Debian 3.1, Window 2003 server
DB: Oracle 9i
Tomcat: 5.5.x
JDK/JRE: 1.6.x
VM: Xen and VMWARE
Topology: clustered TC with load balancer
Logging: Log4j, commons-logging, system logs (examples etc. for exceptions).

Dave wrote ..
> For jsf page (myfaces), some data need to go through SSL such as bank information.
>   For better performance, other pages(or forms) can use http.  
>   <h:form> ... </h:form>
>   <h:form> ... </h:form>
>   if a form may contain personal data, it should be summitted using https. Also
> we need to let user know it is secure by showing a lock and https://.... in browser
> address bar.
>   How can I do this?
>   sometimes The IE browser shows a warning: the page contains both secure and nonsecure
> data.  what is the meaning? how to avoid the warning?
>   Thanks for ideas.
>   Dave
> ---------------------------------
> Looking for last minute shopping deals?  Find them fast with Yahoo! Search.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message