Has anyone come up with a good solution to the SSL vs the Non-SSL problem.
Back when we were using pure servlets, we could access a servlet in either one
of two ways:
* http://host/servlet/MyServlet
* https://host/servlet/MyServlet
In other words, the same servlet could be used either in secure or non-secure
mode.
Now that we are migrating to JSP pages, this no longer works:
* http://host/public/MyJspPage.jsp
* https://host/secure/MyJspPage.jsp
Because we have separated our public tree from our secure tree, we now need to
deploy the same file to two places (our production environment is NT so using
soft links is not an option), which is less than ideal.
One solution is to merge our public and secure trees, but this is not desirable
because with some web servers (JWS) only secure pages can be used with
client-side-digital-certificates (and furthermore, *all* secure pages must be
used with client-side-digital-certificates). Since we want users that do not
have client-side-digital-certificates to access some of our pages, we have
divided them into pubic and secure.
Furthermore, we have applets which are sometimes run from public pages and
sometimes run from secure pages. Meaning that we need jar files and class
trees on the public side and copies of these on the secure side (not to mention
yet other class trees for servlets and beans). And we want to avoid the
annoying message:
"Some of the components on this page are secure and some are non-secure.
Do you want to continue?"
Most of our end users would have no idea what to do with that message.
Although we have a working production environment, it is not pretty. I was
just wondering if anyone else has similar requirements and how they sorted this
all out.
Chris
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
