Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 4476 invoked from network); 1 Feb 2008 12:56:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 Feb 2008 12:56:11 -0000 Received: (qmail 83057 invoked by uid 500); 1 Feb 2008 12:55:21 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 83040 invoked by uid 500); 1 Feb 2008 12:55:21 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 83029 invoked by uid 99); 1 Feb 2008 12:55:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 04:55:21 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of david@davidwbrown.name designates 208.240.64.5 as permitted sender) Received: from [208.240.64.5] (HELO davidwbrown.name) (208.240.64.5) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 12:54:52 +0000 Received: from davidwbrown.name (davidwbrown.name [192.168.1.1]) by davidwbrown.name (Postfix) with SMTP id 62AB223C054 for ; Fri, 1 Feb 2008 06:54:58 -0600 (CST) From: "David Brown" Subject: Re: How to use https together with http To: "Tomcat Users List" Cc: X-Originating-IP: 192.168.1.30 X-Mailer: Usermin 1.320 Message-Id: <1201870498.5202@davidwbrown.name> In-Reply-To: <738500.47428.qm@web35514.mail.mud.yahoo.com> Date: Fri, 01 Feb 2008 06:54:58 -0600 (CST) X-Virus-Checked: Checked by ClamAV on apache.org Hello Dave, in the future reply with more info and you will get better help. I will put an example at the bottom. I'm an old-school JSP guy and not a JSF guy but I understand that JSF files still end in (dot).jsp? If I'm right then the rules should apply where a security constraint is defined. You will have to use a . The Tomcat default install comes with an example that does this in server.xml. Use a JAAS realm or a LDAP realm for FORM based security. The path to your confidential pages need to be defined here. The warning comes (especially I.E.) because you do not have a CA CERT for ssl. You can generate your own CERT with the gentool. Again, the Tomat doco is your starting point: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html and http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#What%20is%20a%20Realm? Performance: JSF is about 50 to 500 times slower than JSP. See: http://mindprod.com/jgloss/jsf.html INFO: OS: Debian 3.1, Window 2003 server DB: Oracle 9i Tomcat: 5.5.x JDK/JRE: 1.6.x VM: Xen and VMWARE Topology: clustered TC with load balancer Logging: Log4j, commons-logging, system logs (examples etc. for exceptions). Dave wrote .. > For jsf page (myfaces), some data need to go through SSL such as bank information. > For better performance, other pages(or forms) can use http. > > ... > > ... > > if a form may contain personal data, it should be summitted using https. Also > we need to let user know it is secure by showing a lock and https://.... in browser > address bar. > > How can I do this? > > sometimes The IE browser shows a warning: the page contains both secure and nonsecure > data. what is the meaning? how to avoid the warning? > > Thanks for ideas. > Dave > > > --------------------------------- > Looking for last minute shopping deals? Find them fast with Yahoo! Search. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org