Re: how to auto redirect to https from http

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave, Dave wrote: | The url is not changed when I point to | http://www.mydomain.com/login.html in browser. The .html is mapped to | servlet. I expected it to change to https:// I think David identified part of the problem: your XML is not set

Re: how to auto redirect to https from http

"Christopher Schultz" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Dave, > > Dave wrote: > | I moved the inside the > as the following: > | > | > | > | Automatic SLL > Forward

Re: how to auto redirect to https from http

Chris, The url is not changed when I point to http://www.mydomain.com/login.html in browser. The .html is mapped to servlet. I expected it to change to https:// So it is not secure to start as http and then switch to https to use the same http session because session id to visible

Re: how to auto redirect to https from http

Hello Dave, this is not exactly the answer you are looking for but I have been concerned with public web security for a long time and I have finally resigned myself to the fact that if you are using login pages that process user ids and passwords and other confidential info that man-in-the-middl

Re: how to auto redirect to https from http

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave, Dave wrote: | I moved the inside the as the following: | | | | Automatic SLL Forwarding | /login.html | | CONFIDENTIAL |

Re: how to auto redirect to https from http

Hi Chris, I moved the inside the as the following: Automatic SLL Forwarding /login.html CONFIDENTIAL But

Re: how to auto redirect to https from http

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave, Dave wrote: | I tried the method, it worked. | But when I tried to protect login page only, | | | protected pages | /login.jsp | | | restarted tomcat, and went to http://www.mydomain.c

Re: how to auto redirect to https from http

Hi Hazem, Thanks, I tried the method, it worked. But when I tried to protect login page only, protected pages /login.jsp restarted tomcat, and went to http://www.mydomain.com it was redirected to secure URL. It should stay

Re: how to auto redirect to https from http

Hi Dave, Try to add this to web.xml under tomcat_install_dir/conf: " / Protected Context /* CONFIDENTIAL / " That works for me. Regards. --Hazem. Dave a écrit : Hi, when user types http://www.mydomain.com, how to redirect to secure url https://

how to auto redirect to https from http

Hi, when user types http://www.mydomain.com, how to redirect to secure url https://www.mydomain.com? I know that a servlet filter can do that. Is there an easier way? In server.xml, redirectPort="8443" for port 80, it did not work as I expected. Thanks fo