Message-ID: <4963DB8E.4000305@apache.org>
Date: Tue, 06 Jan 2009 22:30:38 +0000
From: Mark Thomas
To: Tomcat Users List
Subject: Re: j_security_check with https

Gregor Schneider wrote:
> On Tue, Jan 6, 2009 at 9:13 PM, Diego Armando Gusava wrote:
>> no man, example, email
>>
>> when you login, your username and password will be transported over https, but
>> after that, you are in http! You don't need https because you are only
>> reading messages (emails)
>>
>
> Then just phrase your url-pattern in your security-constraint-section
> accordingly - should work.

It won't. Tomcat won't let a session created under HTTPS transition to HTTP as
the session ID is effectively the password. If the password needed HTTPS then
the session ID does too.

Mark
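
The point made in the reply above, as an added example that is not part of the original message: a small Python check that reads a web.xml and reports url-patterns that require login but carry no transport guarantee, which is where the session ID would travel over plain HTTP. The function names and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace so namespaced and plain descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]

def cleartext_authenticated_patterns(web_xml):
    """Return url-patterns that require login but carry no transport guarantee."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for el in sc.iter():
            texts.setdefault(local(el.tag), []).append((el.text or "").strip())
        # An absent user-data-constraint is equivalent to a guarantee of NONE.
        guarantee = texts.get("transport-guarantee", ["NONE"])[0]
        if "auth-constraint" in texts and guarantee == "NONE":
            findings.extend(texts.get("url-pattern", []))
    return findings

TLS = "<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>"

# Constructed sample: only the login page is forced onto HTTPS (the split asked for in the thread).
SPLIT = f"""<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login</web-resource-name>
      <url-pattern>/login.jsp</url-pattern>
    </web-resource-collection>
    {TLS}
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>mail</web-resource-name>
      <url-pattern>/mail/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed fix: the authenticated area gets the same guarantee as the login page.
FIXED = SPLIT.replace("</auth-constraint>", "</auth-constraint>" + TLS)

if __name__ == "__main__":
    print("split:", cleartext_authenticated_patterns(SPLIT))
    print("fixed:", cleartext_authenticated_patterns(FIXED))
```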