Hi, RA> I'm trying to clear one last hurdle on this whole SSL thing. How RA> exactly do I force a certain page to require https protocol? The How-To RA> on SSL (which I have just about memorized at this point) states...
RA> "Any pages which absolutely require a secure connection should check the RA> protocol type associated with the page request and take the appropriate RA> action of https is not specified." RA> Can this be done in the web.xml file or is this done within each JSP or RA> Servlet? Is it possible to seamlessly redirect a user who requests a RA> page through http to be switched to https without altering the source RA> code of each page? I've scanned every e-mail on SSL on this list since RA> November and I've seen many similar requests, but nobody has ever RA> answered it. Weird. If somebody could point me in the right direction RA> I would be very grateful. Regards! Aaron Yes, put the following into the web-xml security-constraint part and tomcat redirects automaticly to ssl if the resource was requested. <user-data-constraint> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> it is necessary that ssl is correctly set up in server.xml. Have a look at the HOW-To on the tomcat homepage so long Ingo Bruell --- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <ICQ# 40377720> Oldenburg PGP-Fingerprint: CB01 AE12 B359 87C4 BF1C 953C 8FE7 C648 169E E5FC Germany PGP-Public-Key available at pgpkeys.mit.edu -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>