> Hello!
>
> A while ago, I posted a question here about making some of the pages
> accessible only through HTTPS while the rest of the pages through HTTP.
> In the meantime, I've tried to achieve this by using RedirectException
> in pageValidate(). However, I'm facing some problems with this approach
> (such as, getting infinite redirection loops for DirectLinks).
>
> Could somebody please give me a hint on what is "the right way" to make
> some pages accessible only via HTTPS while leaving others to HTTP?
>
> Help really appreciated!
In your web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
You also have to configure your preferred service's connector with the right
'redirectPort' attribute. An example for AJP would be:
<Connector port="8009"
address="Your.Tomcat.Bind.Address"
redirectPort="443"
protocol="AJP/1.3"
/>
Any more OT questions? :)
-----------------------------------
Giampaolo Tomassoni - IT Consultant
Piazza VIII Aprile 1948, 4
I-53044 Chiusi (SI) - Italy
Ph: +39-0578-21100
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
