Hi Neal,
<security-constraint>
<display-name>Web Booking</display-name>
<web-resource-collection>
<web-resource-name>Web Booking
</web-resource-name>
<url-pattern>/web/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>
CONFIDENTIAL
</transport-guarantee>
</user-data-constraint>
</security-constraint>
Will do what you want. This will switch the transport to HTTPS.
You can also check programatically using "request.isSecure()"
in the servlet to make sure the administrator has installed
your application and SSL correctly.
neal wrote:
Does anyone know how to *require* that a page be accessed only via a secure
connection?
For instance, I *can* request a secure connection to a page by going to
"https://"; and the url ... but how do I prevent a user from going to
"http://"; to request that same page?
Would this be a proxy thing or is something I can set in Tomcat? Is there
something that wouldn't require the overhead of reflecting upon every single
request at the Java level?
Thanks.
neal
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
Jon Eaves <[EMAIL PROTECTED]>
http://www.eaves.org/jon/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
