Re: using https for login
What a shame - I would have thought this a common requirement. I want to protect the admin password, but once logged in, there is a lot of data to process, and it isn't very sensitive, so it doesn't make sense to encrypt it. So I just have to scrap the declarative method, and do it programmatically? John On 29/03/07, Mark Thomas [EMAIL PROTECTED] wrote: John Pedersen wrote: I have been able to get all the admin pages running on https, but I want just the login page on https, and the actual admin pages using http. Can anyone suggest how to do this. Here is what I have in my web.xml ( this setup doesn't use https at all ): Without modifying the code for the admin webapp, you can't do this. Mark I tried using a filter on the login pages to switch to https, but it didn't forward correctly after logging in - I think the login data may have been lost with the redirect - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
using https for login
Hi, I want to protect the admin parts of my app. I have made a security-constraint on my admin folders, and all works fine - calling for any page in admin gets redirected to a login form. However, I'd like the login form to be encrypted. I have been able to get all the admin pages running on https, but I want just the login page on https, and the actual admin pages using http. Can anyone suggest how to do this. Here is what I have in my web.xml ( this setup doesn't use https at all ): security-constraint web-resource-collection web-resource-nameadmin/web-resource-name url-pattern/admin/*/url-pattern /web-resource-collection auth-constraint role-namemanager/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/security/login.htm/form-login-page form-error-page/security/login_error.htm/form-error-page /form-login-config /login-config Adding a user-data-constraint transport-guarantee CONFIDENTIAL /transport-guarantee /user-data-constraint uses https for all my admin pages. TIA. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using https for login
John Pedersen wrote: I have been able to get all the admin pages running on https, but I want just the login page on https, and the actual admin pages using http. Can anyone suggest how to do this. Here is what I have in my web.xml ( this setup doesn't use https at all ): Without modifying the code for the admin webapp, you can't do this. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]