Well, the reason I ask is because this feels like infrastructure code. I think I'm missing something basic here because why is there an easy way to configure which paths should be ssl and not a way to define the reverse without having to write your own code? Again, this functionality is provided in the python configuration without having to write additional code, so I want to make sure that the de-facto standard for defining non ssl paths on the servlet side is to indeed write your own filter code. I know I'm not the only person who has asked this from various google searches, but no one seems to have an answer, so filters may be the way to go.
Thanks again, Peter! On Sep 13, 2:44 pm, Peter Ondruska <[email protected]> wrote: > Actually I am not aware of any servlet container which provides > similar functionality out of the box. Why would you ask for something > like this from Google if you can do it yourself? > > On Sep 13, 7:20 pm, WY <[email protected]> wrote: > > > > > I don't suppose google offers a filter to accomplish a similar > > functionality? > > If not, there must be an easier solution to this problem, right? I > > suppose many others have written web apps not using Google accounts > > for authentication? If so, how do you configure your app to a secure > > login and then redirect back to a non ssl after login is complete? I > > feel like I'm missing a basic thing here that everyone else is > > doing...*scratches head*. > > > Thanks again for any help! > > > On Sep 12, 11:43 pm, Peter Ondruska <[email protected]> wrote: > > > > Use a filter to achieve this functionality. > > > > On Sep 13, 6:40 am, WY <[email protected]> wrote: > > > > > Hi all, > > > > > I managed to configure my web.xml file to redirect all pages ending > > > > with *.dos to be handled by ssl with the following: > > > > <security-constraint> > > > > <web-resource-collection> > > > > <url-pattern>/*.dos</url-pattern> > > > > </web-resource-collection> > > > > <user-data-constraint> > > > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > > > </user-data-constraint> > > > > </security-constraint> > > > > > However, I would like it to redirect back to non ssl (http) for all > > > > pages ending with *.do. I tried to define another security constraint > > > > with the following: > > > > <security-constraint> > > > > <web-resource-collection> > > > > <url-pattern>/*.do</url-pattern> > > > > </web-resource-collection> > > > > <user-data-constraint> > > > > <transport-guarantee>NONE</transport-guarantee> > > > > </user-data-constraint> > > > > </security-constraint> > > > > > However, after it successfully goes to https, subsequent pages which > > > > end in *.do doesn't get redirected back to http. > > > > I know that in python, the way to do this is by using "secure: never". > > > > Is there an equivalent for the web.xml file? > > > > > Thanks for any help! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en -~----------~----~----~----~------~----~------~--~---
