|
Have I got this right?
I have an app and in the deployment descriptor I
ask for FORM authentication and set the transport guarantee to CONFIDENTIAL .
If the user attempts access to a secured page or
servlet in that app from a simple http connection, tomcat will force the FORM
page to be sent using SSL. Is that right?
Now, you cannot do this if you are running tomcat
"behind" Apache and Apache is handling the SSL because your link to tomcat is
AJP13 on say port 8009 and tomcat doesn't know how to force the switch. Is
that right?
Nor can you do this with Tomcat 4 embedded in JBoss
2.4.4 because there is no support for port redirection in the EmbeddedCatalina
service?
I think I have finally worked all this out, but it
would be nice to have it confirmed!
Gerry
|
