Hi,
I have not been able to implement the following so I was wondering if it
was possible or would I need a custom Realm/Authenticator implementation?
I have some content that is restricted by role but not over a secure
connection, however, if a user tries to access the content and is
presented with the credentials/authentication form the form is also not
over a secure connection and it needs to be.
I tried applying a confidential transport security restraint on just the
form but this seems to be bypassed when the form is actually used in a
context without the transport constraint.
I am thinking that some sort of redirect will be required instead to
make the transition from non-secure to secure (for authentication) and
back to non-secure.
Will tomcat do this out of the box or will I need a need a
custom/additional authentication package?
Regards,
Simon
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org