tomcat-users mailing list archives

From "Looijmans, Mike" <mike.looijm...@oce.com>
Subject RE: Toggling
Date Wed, 06 Jan 2010 10:13:48 GMT
Just redirect "as required".

http://myserver/login redirects to https://myserver/login, form submits
to the same page and when OK, it redirects to http://myserver/home or
whatever. You'll probably need to pass a 'secret' to the home link to
preserve the user's login, which might be a simple URI parameter.

Don't do the above on the big bad internet. From a security perspective
it's virtually pointless to do it this way.

I'm assuming you're doing this because you have an intranet www server
and some company policy dictates that plaintext passwords are not
allowed on the net any longer. It's probably much smarter to look at
single-sign-on solutions instead; Kerberos integration with Tomcat is
about a day's work and will both provide a better user experience and
provide much better security too.

M
 

> -----Original Message-----
> From: Nikita Manohar [mailto:nikita.manohar@gmail.com] 
> Sent: Wednesday 06 January 2010 10:17
> To: Tomcat Users List
> Subject: Re: Toggling
> 
> Hi Peter,
> 
> The trigger here is suppose in a web application there is a 
> welcome page which is to be re-directed to a user's homepage 
> after login. The secure information (login page) should be 
> toggled to https and the rest as http.
> 
> Is it possible to do so automatically?
> 
> 
> Thank you,
> -Nikita
> 
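
Added example, not part of the original message or of Tomcat's shipped configuration: the automatic HTTP-to-HTTPS redirect for the login page can be done by Tomcat itself with a `CONFIDENTIAL` transport guarantee in the application's `web.xml`. The `/login` pattern comes from the URLs in the message; the resource name is hypothetical, and an HTTPS connector plus a matching `redirectPort` on the HTTP connector in `server.xml` are assumed.

```xml
<!-- WEB-INF/web.xml fragment (added example; resource name is illustrative) -->

<!-- A request for /login that arrives over plain HTTP is answered with a
     redirect to the HTTPS connector named by the HTTP connector's
     redirectPort. The form then posts back to the same HTTPS URL, so the
     password is not sent in cleartext. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>login-over-tls</web-resource-name>
    <url-pattern>/login</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- What this does NOT cover:
     - Tomcat never redirects from HTTPS back to HTTP; the application has
       to send that redirect itself after a successful login.
     - A session created during the HTTPS request gets a session cookie
       flagged Secure, so the browser does not send it to the HTTP pages.
       That is why the message talks about passing a 'secret' in the URI,
       and that value then crosses the network unencrypted on every
       HTTP request, which is the weakness the message warns about.

     Keeping the whole session on TLS only needs a wider pattern in the
     constraint above:

       <url-pattern>/*</url-pattern>
-->
```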
