tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: j_secuity check and https
Date Mon, 01 Dec 2008 18:42:03 GMT


Snaglefrac wrote:
> Now, when someone logs in they are using an unsecured login screen and their
> passwords are sent unencrypted. The solution! HTTPS, no sweat, I have this
> working too. The only problem I have is having the https and LDAP security in
> one application. Additionally I do not want to have every page locked by
> https, only the login screen that gets called by the security constraint.

Okay, so you want to use regular HTTP for everything except the login
page. You just have to make sure that the user has a session before they
try to login.

> So when a user hits /gigatronic/index.jsp they are asked to login because
> of the LDAP realm config. The pages used for the login I need in HTTPS.
> After a secure login it returns back to a regular http for the 
> /gigatronic/index.jsp application.

Actually, you just need to submit to j_security_check using HTTPS.
Everything else can be regular HTTP.

> So how can I use HTTPS for only the j_security login portion I specified in
> web.xml and enforce the LDAP realm for the rest of my app without having the whole
> app HTTPS.
> I tried specifying the HTTPS for my login but the app would not start.
> ex:
> 	<form-login-config>
> 	   <form-login-page></form-login-page>
> 	   <form-error-page></form-error-page>
> 	</form-login-config>
> This did not work.

Right. Tomcat doesn't do a redirect (or does for some versions and not
others... I can't keep it straight). What you need to do is this, in
your login.jsp page:

<form action="<%= response.encodeURL(request.getRequestURL().replace(0, 4, "https").toString()) %>">

This will submit your request to Tomcat using HTTPS. I'm not sure, but I
believe the original request will be to an HTTP URL if the original
request was to a non-secure URL. If not, you can always redirect
subsequent requests using a filter or something like that to go back to

-chris
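
Added example, not part of the original message or of Tomcat's own code: a helper that builds the HTTPS form action for j_security_check and maps the connector port, next to the plain string replace, which keeps the HTTP port. The class name, method names, sample URLs and the 8080/8443 port pair are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: names, sample URLs and ports are hypothetical.
public class SecureLoginAction {

    /** Plain scheme swap: the port of the HTTP connector is left in place. */
    static String naive(String requestUrl) {
        return new StringBuffer(requestUrl).replace(0, 4, "https").toString();
    }

    /**
     * Builds https://host[:httpsPort]/context/j_security_check from the URL of
     * the current request. Path, query and fragment of the request are dropped.
     */
    static String build(String requestUrl, String contextPath, int httpsPort)
            throws URISyntaxException {
        URI in = new URI(requestUrl);
        String scheme = in.getScheme();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!web || in.getHost() == null) {
            throw new IllegalArgumentException("not an absolute http(s) URL: " + requestUrl);
        }
        // Omit the port when it is the HTTPS default.
        int port = (httpsPort == 443) ? -1 : httpsPort;
        return new URI("https", null, in.getHost(), port,
                contextPath + "/j_security_check", null, null).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed request URL, as login.jsp might see it on an HTTP connector.
        String url = "http://www.example.com:8080/gigatronic/login.jsp";

        // https://www.example.com:8080/... -> TLS handshake against the plain HTTP port
        System.out.println("naive: " + naive(url));

        // In login.jsp this would be called with request.getRequestURL().toString()
        // and request.getContextPath(), and wrapped in response.encodeURL(...).
        System.out.println("built: " + build(url, "/gigatronic", 8443));
        System.out.println("built: " + build("http://www.example.com/gigatronic/login.jsp",
                "/gigatronic", 443));
    }
}
```

Posting only the login form over HTTPS protects the password in transit; the session cookie that the HTTP pages use afterwards still travels unencrypted.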

