Hi Everyone,

I'm totally new at the email list thing here, and I could use a little help
on Tomcat http/https config.

We have developed a web app that uses Tomcat 5, and would like to switch
between http / https depending on the URL.  This is so users can sign in and
view their account info via https, and the app public pages can be on
normal port 80.  We've had some success with this, and can switch to https
from http, although sometimes it appears to drop the session.  The problem
we're having is switching back to http (and the session dropping).  Here's
the first modification to our web.xml file:

    <security-constraint>
       <display-name>Secure Access</display-name>
       <web-resource-collection>
          <web-resource-name>LoginServlet</web-resource-name>
          <web-resource-name>AdminServlet</web-resource-name>
          <url-pattern>/login</url-pattern>
          <url-pattern>/my-account/*</url-pattern>
          <url-pattern>/acct</url-pattern>
          <url-pattern>/admin</url-pattern>
          <url-pattern>/zadmin/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>

This works for switching to https from http, but we would like to switch
back as well.  We added the following to the file in hopes to make this
happen:

    <security-constraint>
       <web-resource-collection>
          <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
    </security-constraint>

But no luck!  We've also searched the web pretty well.  I found an article
about Tomcat 4 that said switching between protocols in the same session was
disabled.  A few books we've looked at have not helped - I thought this
request would be more popular for web app developers but now I'm not sure.
Does anyone have any thoughts on this?

Any help is greatly appreciated.

Best Regards,

Rob
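
An added illustration, not part of Rob's message and not Tomcat's own code: a small Python model of how the two constraints above are evaluated under the servlet specification's best-match rule, showing that `NONE` accepts either transport rather than forcing a return to http. The function names are hypothetical, and `cookie_sent` assumes the session cookie was issued over https with the Secure attribute.

```python
# Constructed model of the two <security-constraint> blocks in the post.
# (url-patterns, transport-guarantee), copied from the web.xml above.
CONSTRAINTS = [
    (["/login", "/my-account/*", "/acct", "/admin", "/zadmin/*"], "CONFIDENTIAL"),
    (["/*"], "NONE"),
]


def match_rank(pattern, path):
    """Servlet-spec match strength: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None


def transport_guarantee(path):
    """Guarantee of the best-matching url-pattern, or NONE if nothing matches."""
    best_rank, best = (-1, 0), "NONE"
    for patterns, guarantee in CONSTRAINTS:
        for pattern in patterns:
            rank = match_rank(pattern, path)
            if rank is not None and rank > best_rank:
                best_rank, best = rank, guarantee
    return best


def container_action(path, is_https):
    """What the container does with a request before the servlet sees it."""
    if transport_guarantee(path) == "CONFIDENTIAL" and not is_https:
        return "redirect-to-https"
    return "serve"  # NONE accepts any transport; it never redirects to http


def cookie_sent(cookie_is_secure, is_https):
    """Browser rule: a cookie with the Secure attribute is only sent over https."""
    return is_https or not cookie_is_secure
```

In this model a public page requested over https is simply served, and a Secure session cookie is withheld on any later http request, which the application then sees as a new session.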
