You can do this by setting up a connector for your application in server.xml that is HTTPS only.
Dave -----Original Message----- From: Steve D George [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 12:04 PM To: [EMAIL PROTECTED] Subject: How to enforce SSL??? Hi, I'm working with a standalone Tomcat 4.0.2 on W2K. I've just gone through the SSL How To and created myself a little certificate and got everything working over SSL. I can access all my pages over HTTP or HTTPS. My question now is how to enforce the use of HTTPS for a given page. The SSL How To says that any page that absolutely requires SSL should check the protocol of the request and take the appropriate action, by which I presume it means that you code a redirect to the same page but over https. Is this the standard way to enforce it though. I sort of imagined that you would be able to say that any page in a certain directory should be served over HTTPS and just let tomcat handle it for you? Thanks for any help, Have a great weekend everyone! Cheers, Steve. -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
