Hi
Just a short note to say thanks to those that replied to my post
I've spent the past three days trying to figure out the best approach given
all the options available and I have something working. It's doesn't work
quite how I'd like, the main problem being that when I get a
Hi
Java 1.5.0_10
Tomcat 5.5.17
I've just spent the past couple of hours reading past postings to this list
at marc.info
The subject I'm interested in is the efficient use of ssl/https.
I have managed to get the 'redirection' to https working with the following
entry in web.xml (amongst other
What you'll really want is to ditch the transport guarantee clause in
web.xml and create a filter which will be smart enough to force/unforce
you from SSL.
For example:
doFilter(...) {
boolean isSSLRequired = magicYesNo(request);
if (isSSLRequired !request.isSecure()) {
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim,
Tim Funk wrote:
What you'll really want is to ditch the transport guarantee clause in
web.xml and create a filter which will be smart enough to force/unforce
you from SSL.
Why do this when the security-constraint already allows you to
security-constraint only works to say I want pages to be encrypted.
Not the latter.
The typical complaint is a developer wishes to encrypt the login process
and nothing else. security-constraint only guarantees that your pages
are secure - but does nothing to get you away from ssl.
Of
It doesn't hurt
-Tim
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim,
Tim Funk wrote:
security-constraint only works to say I want pages to be encrypted.
Not the latter.
Oh, of course. I hadn't really thought of that ;)
The typical complaint is a developer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim,
Tim Funk wrote:
security-constraint only works to say I want pages to be encrypted.
Not the latter.
Oh, of course. I hadn't really thought of that ;)
The typical complaint is a developer wishes to encrypt the login process
and nothing