Thank you for this thread! Guang Huang's response is the technique that we are using and is very simple to implement once you know about it! I don't know that this will automatically redirect you to normal 'http' but I'm just pleased that it automatically forces secure on any page url I specify.
A sample url-pattern can be as simple as this: <url-pattern>/ldap-login</url-pattern> Cheers! On Monday, August 24, 2015 at 4:23:44 PM UTC-4, John Preston wrote: > > Thanks. One follow up question. Since everything in dspace is supposed to > be open and freely accessable, other then the login procedure, is there any > need for the rest of the site to be secured? > > John > > On 1/24/07, Guang Huang <[email protected] <javascript:>> wrote: >> >> In dspace application web configure file web.xml >> add something like: >> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>Pages requiring >> HTTPS</web-resource-name> >> <url-pattern>...</url-pattern> >> <url-pattern>...</url-pattern> >> </web-resource-collection> >> <user-data-constraint> >> <transport-guarantee>CONFIDENTIAL</transport-guarantee> >> </user-data-constraint> >> </security-constraint> >> >> You could check dspace developers document or jsp/server specificatioin >> in detail >> >> Good luck >> John Preston wrote: >> > Can anyone tell me if it is possible to use https for just the login >> > steps and regualr unsecured http to access my dspace site. I need to >> > secure the login username/password phase but once logged in I want to >> > use the regular http so it is as fast as possible. >> > ------------------------------------------------------------------------ >> > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
