There's also a <transport-guarantee> element for web.xml that's supposed to
be handy for doing this declaratively.
Mike.
----- Original Message -----
From: "Andy Eastham" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, January 16, 2003 10:29 PM
Subject: RE: Require a secure connection
try:
if (!request.isSecure())
{
// abort code here
}
You can put this in a superclass of all your secure servlets if you like.
Andy
> -----Original Message-----
> From: neal [mailto:[EMAIL PROTECTED]]
> Sent: 16 January 2003 22:09
> To: Tomcat Users List
> Subject: Require a secure connection
>
>
> Does anyone know how to *require* that a page be accessed only
> via a secure
> connection?
>
> For instance, I *can* request a secure connection to a page by going to
> "https://"; and the url ... but how do I prevent a user from going to
> "http://"; to request that same page?
>
> Would this be a proxy thing or is something I can set in Tomcat? Is there
> something that wouldn't require the overhead of reflecting upon
> every single
> request at the Java level?
>
> Thanks.
> neal
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
