In my webapp there's a directory '/admin' that's protected under SSL. Users are forced to use SSL via a security constraint in web.xml. It works great.
As mentioned in the docs and other places, it would be good to prevent SSL everywhere else on the site, but I searched around and couldn't find anything that works.I tried adding another security constraint with transport guarantee set to NONE for url-pattern '/*' but it didn't prevent https access to the site as a whole. What's the correct way to selectively restrict https to only one area of a webapp? TIA, John
