Hi,

I have not been able to implement the following so I was wondering if it was possible or would I need a custom Realm/Authenticator implementation?

I have some content that is restricted by role but not over a secure connection, however, if a user tries to access the content and is presented with the credentials/authentication form the form is also not over a secure connection and it needs to be.

I tried applying a confidential transport security restraint on just the form but this seems to be bypassed when the form is actually used in a context without the transport constraint.

I am thinking that some sort of redirect will be required instead to make the transition from non-secure to secure (for authentication) and back to non-secure.

Will tomcat do this out of the box or will I need a need a custom/additional authentication package?

Regards,

Simon



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to