At 11:50 PM 12/2/2002 -0800, you wrote:
Hi Bill,> You can use a security constraint with a <transport-guarantee> element to > require that certain accesses be performed only on SSL connections. Then, > the container will do the necessary redirect for you.Urm, on my reading of the 2.3 spec, this would be a bug if Tomcat 4.x enforces a <transport-guarantee> on a rd.forward/include. Not to mention the fact that it would mean that I'd have to go back and spend many more hours studying the Catalina API :).
My take on what Craig said is to use a Transport Guarantee in replacement for the filter -> RequestDisplatcher.forward(). So, the Transport Guarantee would already have taken place. Any forward() happening would take place place after the transport guarantee did its thing and then the servlet or filter actually got executed. So, it doesn't seem you need to study any more than you already are.
Jake
