Once you serve content via SSL, further URLs can be relative. There is no requirement that all SSL-based URLs be hardcoded.
If you have myApp/whatever.jsp in your content, and the request originated via SSL, the URL will be converted to https://some.server.com/myApp/whatever.jsp on the fly. Since best practice for SSL is to protect ALL content in the SSL-enabled "area" and not just the page that asks for a password or credit card number, the scenario above happens by default. The only time you need to hardcode the entire URL is when you want to switch from SSL to non-SSL, or non-SSL to SSL, and that's because the switch is done by the browser, not the server, and the browser needs to know whether to attempt a connection to port 80 or port 443. John > -----Original Message----- > From: Alexander Wallace [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 09, 2002 4:46 PM > To: Tomcat Users List > Subject: Advise on how to hanle url names when using https > > > Hi there. Using apache + tomcat, is there a better/different way of > reffering to resources (jsps/servlets) in an app when https > is required > other than hardcoding the full url > (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's > that whant to call those resources? > > Thanks. > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
