True. There should be <http-method> entry for each protected http method.
>>> [EMAIL PROTECTED] 01/14/04 06:24AM >>> Did you know that specifying GET and POST means that the other http methods like DELETE and PUT will not be secure? On 01/13/2004 04:53 PM Keshav Sarin wrote: > Another way to secure resources is to define them in web.xml. Usually > this setting has worked for me. > > <security-constraint> > <web-resource-collection> > <web-resource-name>app or resource > name</web-resource-name> > <url-pattern>/*</url-pattern> <!-- define all url patterns > that need to be protected--> > <http-method>GET</http-method> > <http-method>POST</http-method> > </web-resource-collection> > > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > > </security-constraint> > > If someone tries to access the above url pattern over http, the server > automatically redirects to a https connection. > > >>>>[EMAIL PROTECTED] 01/13/04 08:22AM >>> > > There are many theories out there. From personal experience, the > simplest/cleanest way to do it is with Struts + the sslext plugin. But > even then, don't expect it to be trivial. Run some Google searches to > find components, tutorials, articles, etc. Those things should make > your life a little easier. > > -----Original Message----- > From: ext Mufaddal Khumri [mailto:[EMAIL PROTECTED] > Sent: Monday, January 12, 2004 6:12 PM > To: Tomcat Users List > Subject: http to https how ? > > > Hi, > > Have a page First.jsp > > When a user comes to http://my.domain.com/First.jsp ... I would like to > > redirect him or her to https://my.domain.com/First.jsp. > > How do I do this on my jsp ? I tried <% > request.redirect("https://my.domain.com/First.jsp";) %> , but i get an > exception saying > > cannot resolve symbol > symbol : method redirect (java.lang.String) > location: interface javax.servlet.http.HttpServletResponse > response.redirect(path); > > Thanks. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
