Did you know that specifying GET and POST means that the other HTTP methods like DELETE and PUT will not be secure?

On 01/13/2004 04:53 PM Keshav Sarin wrote:
Another way to secure resources is to define them in web.xml. Usually
this setting has worked for me.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>app or resource name</web-resource-name>
        <url-pattern>/*</url-pattern> <!-- define all url patterns that need to be protected -->
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

If someone tries to access the above url pattern over http, the server
automatically redirects to a https connection.


[EMAIL PROTECTED] 01/13/04 08:22AM >>>

There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little easier.

-----Original Message-----
From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 6:12 PM
To: Tomcat Users List
Subject: http to https how ?



Hi,


Have a page First.jsp

When a user comes to http://my.domain.com/First.jsp ... I would like to redirect him or her to https://my.domain.com/First.jsp.

How do I do this on my jsp? I tried <% request.redirect("https://my.domain.com/First.jsp") %>, but I get an exception saying

cannot resolve symbol
symbol  : method redirect (java.lang.String)
location: interface javax.servlet.http.HttpServletResponse
                                        response.redirect(path);

Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]









--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
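
Added example, not part of the original thread: a small Python check that reads a web.xml and reports, per url-pattern, which HTTP methods are left outside every security-constraint, which is the gap the reply at the top points out. The method set, the sample documents and the function names are assumptions made for this example; it compares only identical url-pattern strings and also understands http-method-omission from Servlet 3.0 and later.

```python
import xml.etree.ElementTree as ET

# Assumption: the method set to check coverage against (standard HTTP/1.1 methods).
ALL_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"})

def _local(tag):
    # Drop any XML namespace so DTD-era and namespaced web.xml files both work.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    # Stripped text of each direct child element called `name`.
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def uncovered_methods(web_xml):
    """Map each url-pattern to the HTTP methods no security-constraint covers."""
    covered = {}
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for wrc in (c for c in sc if _local(c.tag) == "web-resource-collection"):
            listed = {m.upper() for m in _texts(wrc, "http-method")}
            omitted = {m.upper() for m in _texts(wrc, "http-method-omission")}
            # Listing methods limits the constraint to them; listing none covers all
            # methods except any named in http-method-omission (Servlet 3.0+).
            methods = listed if listed else ALL_METHODS - omitted
            for pattern in _texts(wrc, "url-pattern"):
                covered.setdefault(pattern, set()).update(methods)
    return {p: sorted(ALL_METHODS - m) for p, m in covered.items() if ALL_METHODS - m}

# Constructed sample: the constraint from the quoted message.
AS_POSTED = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>app</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

# Same constraint with the <http-method> elements removed: it applies to every method.
NO_METHOD_LIST = AS_POSTED.replace("<http-method>GET</http-method>", "").replace(
    "<http-method>POST</http-method>", "")

if __name__ == "__main__":
    print("as posted:     ", uncovered_methods(AS_POSTED))
    print("no method list:", uncovered_methods(NO_METHOD_LIST))
```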



