Check the value of "request.isSecure()" and Do The Right Thing ;) It's the app that cares whether the page is secure.
On Fri, Apr 26, 2002 at 05:04:01PM +0100, Steve D George wrote: > Hi, I'm working with a standalone Tomcat 4.0.2 on W2K. I've just gone > through the SSL How To and created myself a little certificate and got > everything working over SSL. I can access all my pages over HTTP or HTTPS. > > My question now is how to enforce the use of HTTPS for a given page. The > SSL How To says that any page that absolutely requires SSL should check the > protocol of the request and take the appropriate action, by which I presume > it means that you code a redirect to the same page but over https. > > Is this the standard way to enforce it though. I sort of imagined that you > would be able to say that any page in a certain directory should be served > over HTTPS and just let tomcat handle it for you? Cheers, Simon -- 'I went to a restaurant that serves "breakfast at any time". So I ordered French Toast during the Renaissance.' --- Steven Wright -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>