I guess, in answer to my first question here, The security constrain tells tomcat to use it's own ssl, it won't tell apache to use ssl...
I would totally use tomcat stand alone with ssl, if i can figure out how not to loose objects created in the session before switching to https.. Any insight here? Thanks. On Fri, 2002-12-06 at 13:01, Alexander Wallace wrote: > I have not tested this, but wanted to make sure before I do all the > necesary changes. > > I have apache in front of tomcat, apache handles the ssl > communication... I need to make sure that some stuff happens only via > ssl, and i had a filter for that. But i was recommended to use a > security constranint in tomcat instead. Will this work having apache on > top of tomcat? > > Also. I only have apache + tomcat becouse when I enabled SSL to tomcat > stand alone, whenever switching to ssl, i would not be able to access > all my session objects created before the switch. Is there a way to > avoid that? If is i would just remove apache from the picture. Al my > static content needs to come from tomcat anyway. > > Also, is there a way to read the ip address of the requesting user if > apache is the front to tomcat? > > I realize some of this are different topics, but have to do with the > same stuff... > > Thanks to all in advance! > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>