Mariano, Two thing come to mind:
1. Why not just leave it in SSL? 2. You have a problem of losing the session. When you move from SSL to NON SSL page you lose the session and create a new one. This is for security reasons. Past that the only thing that come to mind is Single sign on. There are others more knowledgeable than me on this. Doug www.parsonstechnical.com ----- Original Message ----- From: "Mariano" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Thursday, May 27, 2004 6:37 AM Subject: How to force only page login SSL and rest NON SSL > Hi everybody > > I want to force my page login via SSL, and i did it with: > > <security-constraint> > <web-resource-collection> > <web-resource-name>SSL</web-resource-name> > <url-pattern>/Comun/LoginUsuario.jsp</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > but when i want validate an user i like to force rest of pages via NON SSL, > i have tried it with other <security-constraint>: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Aplicacion de IGeSan</web-resource-name> > <url-pattern>/IGeSan/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > But when i do the "response.sendRedirect(user.getAppPage());" always do it > in SSL mode. > > Any ideas. > > Thanks > > Mariano Lopez > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
