Hi,
My tomcat server is setup with SSL and the problem is I want visitors
generally being unable to connect to any urls by https except those I
explicitly want them to see in secure mode.
I tried the following in web.xml but it does not stop (or redirect to
non-secure mode) someone who explicitly typed https://my.site/url:
<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
Can I possibly achieve this by specifying something in the deployment
descriptor or must I resort to doing the redirects by coding in each page in
the webapp?
Thank you.
Raymond
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]