Caldarale, Charles R wrote:
Read the servlet spec, chapter 13 (the 3.0 version is, unfortunately, harder to
comprehend than the earlier versions). Put the following in the
WEB-INF/web.xml of the webapps you wish to restrict to HTTPS:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
It might be possible to add the above to just the global conf/web.xml file and then
override the global setting for the one unsecured webapp by setting its
<transport-guarantee> to NONE, but I haven't tried it.
Thanks.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org