I am trying to do some initial research on SSL and tomcat. Perhaps there is a faq out there that can help me, but the ones I've found on the tomcat site haven't, so I turn to the newsgroup.
I'm looking for some tried and true knowledge on implementing one tomcat instance with both secure and non-secure webapps. If I request comes into a webapp that needs to be secure, I would like to redirect that request to the secure site. Is it best to do this in code (by checking the request.isSecure()) and then issuing response.sendRedirect() or can it be done through server.xml in tomcat or web.xml in the webapp? I assume you'd set up a second <Host> in server.xml and include the webapp <Context> in there. The non-secure <Host> has a redirectPort configured which is suppose to then redirect to the secure site. Or would you set up the <security-constraint> in web.xml. Or am I way off? Jay -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
