If you're using relative links there will be nothing to cause your transport to change back.
You can try adding another security-constraint block covering the content you don't want to be secure and set the <transport-guarantee>NONE</transport-guarantee> On the other hand, you typically don't want to switch back to non-SSL once you've gone secure, especially if you've initialized your session securely. Most web providers don't regenerate your sessionid when you switch between secure and insecure transports. Sending your sessionid over an insecure transport opens you up to session hijacking attacks. Be careful what you wish for. You should probably just leave things the way they are. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3947904#3947904 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3947904 ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
