I found another person doing what you're suggesting for anyone else who may be interested:
http://www.coderanch.com/t/432995/Tomcat/do-secure-only-my-login

I still feel a little cheated that what I personally feel is core infrastructure functionality still needs to be hand coded. It's 2009 now, right? :)
Thanks!

On Sep 13, 4:09 pm, WY <[email protected]> wrote:
> Well, the reason I ask is because this feels like infrastructure code.
> I think I'm missing something basic here because why is there an easy
> way to configure which paths should be ssl and not a way to define the
> reverse without having to write your own code?
> Again, this functionality is provided in the python configuration
> without having to write additional code, so I want to make sure that
> the de-facto standard for defining non ssl paths on the servlet side
> is to indeed write your own filter code.
> I know I'm not the only person who has asked this from various google
> searches, but no one seems to have an answer, so filters may be the
> way to go.
>
> Thanks again, Peter!
>
> On Sep 13, 2:44 pm, Peter Ondruska <[email protected]> wrote:
>
> > Actually I am not aware of any servlet container which provides
> > similar functionality out of the box. Why would you ask for something
> > like this from Google if you can do it yourself?
>
> > On Sep 13, 7:20 pm, WY <[email protected]> wrote:
>
> > > I don't suppose google offers a filter to accomplish a similar
> > > functionality?
> > > If not, there must be an easier solution to this problem, right? I
> > > suppose many others have written web apps not using Google accounts
> > > for authentication? If so, how do you configure your app to a secure
> > > login and then redirect back to a non ssl after login is complete? I
> > > feel like I'm missing a basic thing here that everyone else is
> > > doing...*scratches head*.
>
> > > Thanks again for any help!
>
> > > On Sep 12, 11:43 pm, Peter Ondruska <[email protected]> wrote:
>
> > > > Use a filter to achieve this functionality.
>
> > > > On Sep 13, 6:40 am, WY <[email protected]> wrote:
>
> > > > > Hi all,
>
> > > > > I managed to configure my web.xml file to redirect all pages ending
> > > > > with *.dos to be handled by ssl with the following:
> > > > > <security-constraint>
> > > > >   <web-resource-collection>
> > > > >     <url-pattern>/*.dos</url-pattern>
> > > > >   </web-resource-collection>
> > > > >   <user-data-constraint>
> > > > >     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > > > >   </user-data-constraint>
> > > > > </security-constraint>
>
> > > > > However, I would like it to redirect back to non ssl (http) for all
> > > > > pages ending with *.do. I tried to define another security constraint
> > > > > with the following:
> > > > > <security-constraint>
> > > > >   <web-resource-collection>
> > > > >     <url-pattern>/*.do</url-pattern>
> > > > >   </web-resource-collection>
> > > > >   <user-data-constraint>
> > > > >     <transport-guarantee>NONE</transport-guarantee>
> > > > >   </user-data-constraint>
> > > > > </security-constraint>
>
> > > > > However, after it successfully goes to https, subsequent pages which
> > > > > end in *.do don't get redirected back to http.
> > > > > I know that in python, the way to do this is by using "secure: never".
> > > > > Is there an equivalent for the web.xml file?
>
> > > > > Thanks for any help!
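The filter approach suggested in the thread, as an added example that is not code from any of the posters or from App Engine. It assumes the javax.servlet 2.5 API, default ports, and the thread's `.dos`/`.do` suffixes; the class name `SchemeFilter` and the init-param `canonicalHost` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. Map it to /* with <filter>/<filter-mapping> in web.xml and set
// the hypothetical init-param "canonicalHost" (for instance www.example.com).
public class SchemeFilter implements Filter {
    private String host;

    public void init(FilterConfig cfg) throws ServletException {
        host = cfg.getInitParameter("canonicalHost");
        if (host == null) throw new ServletException("canonicalHost not set");
    }

    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI();
        boolean needHttps = path.endsWith(".dos") && !req.isSecure();
        boolean needHttp = path.endsWith(".do") && req.isSecure();
        boolean safe = "GET".equals(req.getMethod()) || "HEAD".equals(req.getMethod());

        if (needHttps && !safe) {
            // A redirect would drop the POST body; refuse rather than process it over HTTP.
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
        } else if ((needHttps || needHttp) && safe) {
            // Build the target from the configured host, not the request's Host header.
            StringBuilder url = new StringBuilder(needHttps ? "https://" : "http://");
            url.append(host).append(path);
            if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
            res.sendRedirect(url.toString());
        } else {
            chain.doFilter(rq, rs); // scheme already right, or a non-GET .do over HTTPS
        }
    }
}
```

A session cookie issued on the HTTPS login and then used on the `.do` pages cannot carry the `Secure` flag, so it crosses the network unencrypted after the switch back to HTTP.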
