Greetings:
As promised, i report back my solutions and hope this may help others.
On Mon, 2005-06-06 at 07:42 -0600, Duong BaTien wrote:
On Mon, 2005-06-06 at 07:04 -0400, Tim Funk wrote:
Almost. (I think)
Thanks. I will try the workaround and report to the list for the
benefits of
Almost. (I think)
You can't request any pages under /WEB-INF. Security constraints are only for
the incoming URL - not urls obtained by getRequestDispatcher()
-Tim
Duong BaTien wrote:
On Thu, 2005-05-26 at 06:34 -0400, Tim Funk wrote:
From a config point of view no. The simple workaround
On Mon, 2005-06-06 at 07:04 -0400, Tim Funk wrote:
Almost. (I think)
Thanks. I will try the workaround and report to the list for the
benefits of others.
BaTien
DBGROUPS
You can't request any pages under /WEB-INF. Security constraints are only for
the incoming URL - not urls obtained by
On Thu, 2005-05-26 at 06:34 -0400, Tim Funk wrote:
From a config point of view no. The simple workaround
- Ditch the web.xml config for requiring SSL
- Create a filter which checks the scheme and URL - if the do not match what
you desire - you can issue a redirect in the filter to https (or
To: Tomcat Users List
Subject: Re: Force Non-SSL
Is there no way to do it? SSL creates a lot of overhead for a
site that
is serving up 100MB image files.
--- Tim Funk [EMAIL PROTECTED] wrote:
no
-Tim
August Detlefsen wrote:
In my webapp I force clients to use SSL
From a config point of view no. The simple workaround
- Ditch the web.xml config for requiring SSL
- Create a filter which checks the scheme and URL - if the do not match what
you desire - you can issue a redirect in the filter to https (or http) as desired
-Tim
August Detlefsen wrote:
Is
no
-Tim
August Detlefsen wrote:
In my webapp I force clients to use SSL encryption for logins with a
security constraint and transport-guarantee elements like this:
security-constraint
web-resource-collection
web-resource-nameLogin/web-resource-name
Is there no way to do it? SSL creates a lot of overhead for a site that
is serving up 100MB image files.
--- Tim Funk [EMAIL PROTECTED] wrote:
no
-Tim
August Detlefsen wrote:
In my webapp I force clients to use SSL encryption for logins with
a
security constraint and
this, so it is all theory at this point.
Doug
- Original Message -
From: August Detlefsen [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Wednesday, May 25, 2005 8:43 PM
Subject: Re: Force Non-SSL
Is there no way to do it? SSL creates a lot of overhead
August Detlefsen wrote:
Is there no way to do it? SSL creates a lot of overhead for a site that
is serving up 100MB image files.
There are ugly or less ugly workarounds, like the one yahoo uses. Login
can go against HTTPS, sets up it's version of session and then redirects
the user to
10 matches
Mail list logo