Markus Barenhoff wrote: > hi there, > > i'am looking for "the way" to switch to ssl? we are using jboss with > tomcat. i've already tested by hand, that the session is persistant over > the http and the https connector of the tomcat. what i'am looking for is > a way to switch over from http://foo.bar:8080/app/faces/bla.jsp to > https://foo.bar:8443/app/faces/bla.jsp when the user clicks on the > button which triggers an jsf navigation event. or more precicely: what > do i have to do, to make myfaces render the the https-url to the action > attibute of the form ? > > thnx > > markus >
Another way would be to use security constraints in your web.xml. This
may or may not work exactly how you want. It works quite well for us to
require that certain URLs must be accessed only via SSL
examples:
<security-constraint>
<web-resource-collection>
<web-resource-name>all URLs</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I think this requires that Tomcat be configured for the redirection:
<Connector port="80" redirectPort="443" ...>
or
<Connector port="8080" redirectPort="8443" ...>
So it knows how exactly to do the SSL redirect
--
Dave Brondsema
Software Developer
Cornerstone University
signature.asc
Description: OpenPGP digital signature
