tomcat-users mailing list archives

From Cédric Couralet <>
Subject Re: Apache HTTP + Tomcat + SSL
Date Mon, 30 Sep 2013 14:44:07 GMT
> I said "An application *usually* doesn't care how it is accessed".
> Most applications do not.  Some do.
> But I would argue that this would not be such a good design, because it
> removes flexibility in the application.  It would mean that the application
> then cannot work in a context where there is no need for strong security,
> and that you always pay the SSL penalty, even when you do not really need
> it. The configuration "around" the webapp allows you to put whatever level of
> security you need, without having to change the application code.
> Except in some cases, and that is why we were asking what *this* application
> really needs.
> It is all in the nuance..

.., I will take some more English lessons :)

The confusion was that when I say application, I mean the code and the
configuration (web.xml, context.xml).

I already got in an argument with someone saying that httpd should be
the one to force a request over https and the developer should not
have to think about it, so I am a little quick to react on this.

Thank you for the clarification,
