Thanks, but I think there is a "better" way to do it, such that the request never even gets to the servlet or JSP page if it isn't secure when it should be. I just don't know it.
John > -----Original Message----- > From: Graham King [mailto:graham@;gointernet.co.uk] > Sent: Friday, October 25, 2002 8:29 AM > To: Tomcat Users List > Subject: Re: Apache-Tomcat > > > See javax.servlet.ServletRequest.isSecure() > > This should do it: > > if ( request.isSecure() ) { > // All is well > } > else { > // Redirect to https site > } > > > Turner, John wrote: > > I only know the inelegant, brute force way, which is to > check the request > > object for the request type, and if it's "http" when it > should be "https", > > do a redirect to the same URL but with "https" prepended. > > > > There's probably a much more robust and correct way to do > this using Tomcat > > security restrictions and realms, but I haven't worked with > them that much, > > so I don't want to give you wrong information. Lots of > people on the list > > have done this, though, so perhaps the best way to proceed > would be to start > > a new thread with a new subject about restricting > particular URLs to SSL. > > > > John > > > > > > > >>-----Original Message----- > >>From: Christie I [mailto:christie_iii@;yahoo.com] > >>Sent: Friday, October 25, 2002 1:04 AM > >>To: Tomcat Users List > >>Subject: RE: Apache-Tomcat > >> > >> > >> > >>Hi > >> > >>Thank you very much John. It worked!. I have one last > >>problem. Iam running Openssl. Iam having *.jsp files in my > >>webapps/myproject directory that some of the files needs to > >>be accessed by https and not thru http? How to do this? > >> > >>for eg :https://0.0.0.0/welcome.jsp should not be accessed > >>thru http://0.0.0.0 ? How to do restrict this? > >> > >>Thanks in advance > >> > >> > >> > >> > >>--------------------------------- > >>Get a bigger mailbox -- choose a size that fits your needs. > >> > > > > > > -- > > To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
