I think I was making a mistake in the url-pattern. Giving the correct URL pattern did the trick. Thanks for the tip on transport-guarantee, Chuck.
Thanks,
Anand

On Fri, Feb 6, 2009 at 12:11 PM, Anand HS <anan...@gmail.com> wrote:

> Hi, Thanks for the info about the transport-guarantee.
> I did try to use it. Here is the config to exclude xsl files and allow all
> others through to HTTPS.
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Notify page, accessed internally by application</web-resource-name>
>     <url-pattern>*.xsl</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>NONE</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> <!-- Force SSL for entire site -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Entire Site</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> I would expect with this configuration that when I try to load any xsl
> through http on my browser, no redirection to https happens. But it doesn't
> seem to be happening. Is my configuration missing something?
>
> BTW, I use Tomcat 6.0.18.
>
> Thanks,
> Anand
>
> On Fri, Feb 6, 2009 at 11:31 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:
>
>> > From: Anand HS [mailto:anan...@gmail.com]
>> > Subject: A question about excluding URL patterns from filters
>> >
>> > I have a filter that takes all requests that try to hit http and
>> > redirects them through https.
>>
>> Why are you using a filter? Why not the <transport-guarantee> mechanism
>> defined in the servlet spec?
>>
>> - Chuck
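
Added example, not part of the original thread and not Tomcat's code: a small Python model of the Servlet specification's best-match rule for url-patterns (exact, then longest path prefix, then extension, then default), which is how the constraint for a request is selected, run against the two patterns from the quoted web.xml. The function names, request paths and the two variant configurations are constructed for illustration.

```python
# Model of the Servlet spec's url-pattern best-match rule, applied to
# security constraints. Illustration only; not Tomcat's implementation.

def match_rank(pattern, path):
    """Return (tier, length) if pattern matches path, else None. Higher wins."""
    if pattern == path:
        return (3, len(pattern))              # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))           # path prefix, longest wins
        return None
    if pattern.startswith("*."):
        last = path.rsplit("/", 1)[-1]
        if "." in last and last.rsplit(".", 1)[1] == pattern[2:]:
            return (1, 0)                     # extension match
        return None
    if pattern == "/":
        return (0, 0)                         # default mapping
    return None

def transport_guarantee(constraints, path):
    """constraints: list of (url_pattern, guarantee). Returns the guarantee
    of the best-matching pattern, or None when no constraint applies."""
    best = None
    for pattern, guarantee in constraints:
        rank = match_rank(pattern, path)
        if rank is not None and (best is None or rank > best[0]):
            best = (rank, guarantee)
    return best[1] if best else None

# The two patterns from the quoted web.xml.
QUOTED = [("*.xsl", "NONE"), ("/*", "CONFIDENTIAL")]
# Constructed variants (not from the thread): a path-prefix pattern for the
# stylesheets, and the default pattern "/" in place of "/*".
PREFIX_VARIANT = [("/xsl/*", "NONE"), ("/*", "CONFIDENTIAL")]
DEFAULT_VARIANT = [("*.xsl", "NONE"), ("/", "CONFIDENTIAL")]

if __name__ == "__main__":
    configs = [("quoted", QUOTED), ("prefix", PREFIX_VARIANT),
               ("default", DEFAULT_VARIANT)]
    for name, cfg in configs:
        for path in ["/xsl/notify.xsl", "/index.jsp"]:   # constructed paths
            print(name, path, transport_guarantee(cfg, path))
```

In this model the quoted patterns resolve a stylesheet request to CONFIDENTIAL, because `/*` is a path-prefix pattern and outranks the `*.xsl` extension pattern.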