From a config point of view no. The "simple workaround"
- Ditch the web.xml config for requiring SSL
- Create a filter which checks the scheme and URL - if the do not match what
you desire - you can issue a redirect in the filter to https (or http) as desired
-Tim
August Detlefsen wrote:
Is there no way to do it? SSL creates a lot of overhead for a site that
is serving up 100MB image files.
--- Tim Funk <[EMAIL PROTECTED]> wrote:
no
-Tim
August Detlefsen wrote:
In my webapp I force clients to use SSL encryption for logins with
a
security constraint and transport-guarantee elements like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
However, once a user hits the login page, every subsequent page
also
uses https. Is there a way to force them back to regular http once
they
leave the login section?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
