[reply] > You need to understand the difference between running Tomcat > standalone and integrated with a web server (such as Apache). .. [snip] [/reply]
Knowing all this, is there a way for a servlet to reliably know whether Apache is currently replying to http or https? The Apache connector portion works perfectly using two different IP addresses and IP#1 being non-secure, while IP#2 is secure. I'm having a bit of difficulty with 'response.sendRedirect([relativeURL])' where one application contains both secure and non-secure content. I've seen this question asked in several threads, but haven't seen a definitive answer. - 'servletRequest.isSecure()' (okay, an extension of...) doesn't work because the traffic between Apache and Tomcat isn't encrypted. 'isSecure()' _always_ returns false, since the traffic it's receiving isn't encrypted. - I've tried using 'request.getRequestURL()' to dynamically decide whether the traffic is secure: i.e. http://server/directory/referringpage.jsp == not secure so a relativeURL to newpage.jsp will work; http://server:443/directory/referringpage.jsp == secure so I parse out the server name, append 'https', and use an initial parameter for the port (in this case an empty string - but it could be ':8443'). The problem is that 'getRequestURL' indicates where the request came _from_, so a redirect from a secure page to a non-secure page fails. - Currently I put the fully qualified URL for both http and https in an initial parameter in web.xml, then I just append that to my URL in a redirect. At least I can move code to a new server without recompiling the whole mess. The problem is that I don't want to depend on the code knowing whether it is forwarding to a secure page. Has anyone found a better way to do this? <=======================> Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
