Hello,
    I have enabled SSL in Tomcat 4.1.27 and all of my static pages: html,
xsd, etc. are encrypted fine. However, when I access an html page that was
written directly to the servlet outputstream (rather than a redirect to a
jsp or a static page), IE6 reports that the connection is not encrypted
although the protocol is still https. A section of my web.xml appears
below:

<servlet-mapping>
        <servlet-name>MainServlet</servlet-name>
        <url-pattern>/servlet</url-pattern>
</servlet-mapping>

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Application</web-resource-name>
            <url-pattern>/static-pages/*</url-pattern>
            <url-pattern>/servlet</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>default_role</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>

To summarize: Using the https protocol, the login page and all pages under
https://xxx:443/context/static-pages/* are reported as encrypted but the
outputstream from the servlet under
https://xxx:443/context/servlet?param=value is reported as unencrypted. In
fact, each time I access a dynamic page, the encryption icon in IE6 flashes
on, then off. I am starting to think that IE6 may be mis-reporting the
encryption state of the dynamically generated pages.

Thank you,
Nathan Freeling
