secure parts of a web application with https
Hello Everybody,

I have a small web application. Some pages are free to visit for everyone, but some others are only available after login (username/password). I am trying to make the login page and all other pages after the login use https. You can think of an application structure like this:

/public/page.xhtml
/private/login.xhtml
/private/morepage.xhtml

All pages under /public use http, and all pages under private should only be accessible with https. But I have no idea how to achieve this. By the way, I use JSF and Tomcat 6.
Re: secure parts of a web application with https
wmueller wrote:
> Hello Everybody, I have a small web application. Some pages are free to visit for everyone, but some others are only available after login (username/password). I am trying to make the login page and all other pages after the login use https.

http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1021230

--
Mikolaj Rydzewski [EMAIL PROTECTED]
Re: secure parts of a web application with https
wmueller wrote:
> I have a small web application. Some pages are free to visit for everyone, but some others are only available after login (username/password). I am trying to make the login page and all other pages after the login use https. You can think of an application structure like this:
>
> /public/page.xhtml
> /private/login.xhtml
> /private/morepage.xhtml
>
> All pages under /public use http, and all pages under private should only be accessible with https.

You should create a security constraint for the /private branch of the pages in the web.xml file of your application. The following fragment should be rather close to what you're looking for (/private/* requires that the user is authenticated and is only available through a protected connection).

    <security-constraint>
      <web-resource-collection>
        <!-- web-resource-name is required by the web.xml schema; the name here is a placeholder -->
        <web-resource-name>private</web-resource-name>
        <url-pattern>/private/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

On top of that, you'll naturally need to set up Tomcat so that it also accepts https connections.

--
..Juha
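Added example, not part of the thread and not code from Tomcat: a small check that reads a web.xml and reports, for the paths from the question, whether the best-matching security constraint demands HTTPS and a login. The sample descriptor is constructed from the fragment above, the function names are hypothetical, and `http-method` restrictions are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): the /private/* constraint in a Servlet 2.5 web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>private</web-resource-name>
      <url-pattern>/private/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace, if present

def _rank(pattern, path):
    """Specificity of a servlet url-pattern match (higher wins), None if no match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*"):                        # path-prefix mapping
        return (2, len(pattern) - 2) if (path + "/").startswith(pattern[:-1]) else None
    if pattern.startswith("*."):                      # extension mapping
        return (1, 0) if path.rsplit("/", 1)[-1].endswith(pattern[1:]) else None
    return (0, 0) if pattern == "/" else None         # default mapping

def constraints(web_xml):
    """Return (url_pattern, transport_guarantee, has_auth) for every constrained pattern."""
    out = []
    for sc in (e for e in ET.fromstring(web_xml).iter() if _local(e.tag) == "security-constraint"):
        kids = {}
        for e in sc.iter():
            kids.setdefault(_local(e.tag), []).append((e.text or "").strip())
        guarantee = kids.get("transport-guarantee", ["NONE"])[0]
        out += [(p, guarantee, "auth-constraint" in kids) for p in kids.get("url-pattern", [])]
    return out

def audit(web_xml, paths):
    """Map each path to 'https+login', 'https', 'login' or 'open' (http-method ignored)."""
    rules, report = constraints(web_xml), {}
    for path in paths:
        hits = [(r, g, a) for p, g, a in rules if (r := _rank(p, path)) is not None]
        best = [h for h in hits if h[0] == max(x[0] for x in hits)]
        # Constraints on one pattern combine permissively, so every one must demand TLS.
        tls = bool(best) and all(g in ("CONFIDENTIAL", "INTEGRAL") for _, g, _ in best)
        auth = bool(best) and all(a for _, _, a in best)
        report[path] = "+".join(n for n, on in (("https", tls), ("login", auth)) if on) or "open"
    return report
```

Running `audit(SAMPLE_WEB_XML, [...])` over the deployed descriptor before release catches a second constraint on the same pattern that silently re-allows plain HTTP.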