Greg Brownell wrote: > My whole site, all pages, are redirected to port 443 - everything is > secure. I only wanted the *.htm and the single file login.jsp to use > https.
> What am I doing wrong? I thought the <web-resource-collection> in > <security-constraint> was there to identify which pages should be secure? which pages *must* be secure -- other pages *may* be served securely. If you are using URLs in your secure *.htm pages that don't specify the protocol, e.g., <a href="/nonsecure.jsp">go</a> and that page is accessed via HTTPS, the actual URL is https://example.com/nonsecure.jsp If you want it served as `http://example.com/nonsecure.jsp`, you'll have to be more explicit about that URL... :-) HTH, -- Hassan Schroeder ----------------------------- [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
