I don't know the answer to that. It's unlikely, though. You could put something like Apache in the front and use URL rewriting, which can basically force any URL with a given pattern to be redirected, either forcing HTTP or HTTPS and doing the redirect only when the scheme is not what you want.
In general, though, when you know you are shifting between secure and insecure, you should perhaps create URLs that make this explicit. In general, you enter a secure mode when starting a secure set of transactions, and then switch back when you are done. Of course, you could just stay with HTTPS once they enter secure mode since securing the communications may have overhead, but it adds privacy. David ----- Original Message ----- From: "Antony Paul" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]>; "David Wall" <[EMAIL PROTECTED]> Sent: Thursday, October 14, 2004 9:42 PM Subject: Re: How to redirect http to https automatically? > Is it possible to switch from https to http using this kind of configuration ? > I tried with NONE for user constraint but it still remains in https. > > rgds > Antony Paul > > > On Thu, 14 Oct 2004 08:40:31 -0700, David Wall <[EMAIL PROTECTED]> wrote: > > This is part of the servlet specs. In your WEB-INF/web.xml file, you need > > a security constraint that says the site should be secure, something like: > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Entire site</web-resource-name> > > <url-pattern>/*</url-pattern> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > </web-resource-collection> > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > The "confidential" keyword ensures that the webapp will require https, so if > > you try to get it via http, then the redirect stuff specifed in your > > server.xml will be applied. > > > > David > > > > > > > > ----- Original Message ----- > > From: "Won Sim" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, October 13, 2004 8:13 AM > > Subject: How to redirect http to https automatically? > > > > > I set redirectPort attribute to 443, which is my SSL connector port > > number, > > > from port 80 connector in the server.xml. This doesn't redirect http to > > > https automatically. In other words, I still can access the application > > via > > > http://server/myapp. I want to know how to redirect http to https > > > automatically so when I enter http://server/myapp, Tomcat redirects to > > > htts://server/myapp. I am using Tomcat 4.1.30. > > > > > > Thanks in advance. > > > Won. > > > > > > _________________________________________________________________ > > > Don't just search. Find. Check out the new MSN Search! > > > http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
