tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Brown" <da...@davidwbrown.name>
Subject Re: How to use https together with http
Date Fri, 01 Feb 2008 12:54:58 GMT
Hello Dave, in the future reply with more info and you will get better help. I will put an
example at the bottom. I'm an old-school JSP guy and not a JSF guy but I understand that JSF
files still end in (dot).jsp? If I'm right then the rules should apply where a security constraint
is defined. You will have to use a <realm>. The Tomcat default install comes with an
example that does this in server.xml. Use a JAAS realm or a LDAP realm for FORM based security.

<security-constraint></security-constraint>

The path to your confidential pages need to be defined here.

The warning comes (especially I.E.) because you do not have a CA CERT for ssl. You can generate
your own CERT with the gentool. Again, the Tomat doco is your starting point: 

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html 

and 

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#What%20is%20a%20Realm?

Performance: JSF is about 50 to 500 times slower than JSP. See:

http://mindprod.com/jgloss/jsf.html

INFO:
OS: Debian 3.1, Window 2003 server
DB: Oracle 9i
Tomcat: 5.5.x
JDK/JRE: 1.6.x
VM: Xen and VMWARE
Topology: clustered TC with load balancer
Logging: Log4j, commons-logging, system logs (examples etc. for exceptions).

Dave wrote ..
> For jsf page (myfaces), some data need to go through SSL such as bank information.
>   For better performance, other pages(or forms) can use http.  
>    
>   <h:form> ... </h:form>
>    
>   <h:form> ... </h:form>
>    
>   if a form may contain personal data, it should be summitted using https. Also
> we need to let user know it is secure by showing a lock and https://.... in browser
> address bar.
>    
>   How can I do this?
>    
>   sometimes The IE browser shows a warning: the page contains both secure and nonsecure
> data.  what is the meaning? how to avoid the warning?
>    
>   Thanks for ideas.
>   Dave
> 
>        
> ---------------------------------
> Looking for last minute shopping deals?  Find them fast with Yahoo! Search.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message