Security constraints are only imposed on the incoming URL.
Long story short - you'll need to place the entire webapp in SSL. There is no
clean way to use declarative statements to force the login to be SSL and the
rest of the webapp be nonssl.
-Tim
Klotz Jr, Dennis wrote:
Hello all. I
wish to use a form based login.
-Dennis
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:34 AM
To: Tomcat Users List
Subject: Re: web.xml question
Security constraints are only imposed on the incoming URL.
Long story short - you'll need
, possibly masquerading the url or something?
Again not an expert, but something I have been interested in for some
time myself.
Dean 8-)
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:34 AM
To: Tomcat Users List
Subject: Re: web.xml question
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:34 AM
To: Tomcat Users List
Subject: Re: web.xml question
Security constraints are only imposed on the incoming URL.
Long story short - you'll need to place the entire webapp in SSL. There
is no clean way to use declarative statements
To: Tomcat Users List
Subject: Re: web.xml question
Security constraints are only imposed on the incoming URL.
Long story short - you'll need to place the entire webapp in SSL. There
is no clean way to use declarative statements to force the login to be
SSL and the rest of the webapp be nonssl.
-Tim