Hi, > Christopher Schultz wrote: > If you want to switch protocols
I don't think I want that... but maybe I do not understand properly what you mean... For the webapp I've been considering in that thread, I would like Tomcat to serve pages only via HTTPS. I do not want some pages to be served via HTTP and some others to be served via HTTPS. I don't know if it clarifies my point... Have you had a little time to have a look at the configuration files I posted yesterday (complete "server.xml" and excerpt from the webapp's "web.xml")? 1) In "web.xml", I set the "CONFIDENTIAL" security constraint which, as far as I understood, imposes the use of the HTTPS protocol to serve the JSP pages of the webapp. 2) Ideally, I would like the webapp users to enter HTTPS URLs in their browser URL bar/directly click URLs like https://host/webapp/a-page.jsp. But I also would like them to be able to enter HTTP URLs like http://host/webapp/a-page.jsp which are, to my understanding automatically "transformed" into https://host/webapp/a-page.jsp thanks to the "server.xml" configuration line: -------------------------------------------------------------------------------- <Connector port="80" enableLookups="false" redirectPort="443"/> -------------------------------------------------------------------------------- I realize I do not know what happens to the request in that case (http://host/webapp/a-page.jsp). Is it encoded or not? > Terence M. Bandoian wrote: > I'm not sure how you're using it but it's worth pointing out that > response.sendRedirect "Sends a temporary redirect response to the > client..." The client (browser) must then send another request to the > server before any additional processing takes place. In contrast, > pageContext.forward takes place entirely on the server. I didn't know that. I thought there was one HTTP(S) request and one HTTP(S) response only. How can the mechanism you describe above affect the use of HTTPS for a webapp with the "CONFIDENTIAL" security constraint on a standalone Tomcat server? I'm using "sendRedirect()" in a very straightforward way I think. I use some sort of "pipelines" for a subset "S" of JSPs in the webapp: 1) Given a JSP "s" in "S", it contains a "form" with an "action" attribute mapped via "web.xml" to a servlet L. 2) The servlet L implements either a doPost() or (rarely) a doGet() method. 3) Given what was submitted via the form, "work" is performed in the servlet. 4) When the servlet work is done and depending on the result (success 1, ..., success n / error 1, ..., error n), the servlet redirects towards the next JSP using the method "sendRedirect()". Is there "a temporary redirect response to the client" in that case? Is this behavior documented somewhere? I could totally benefit from a good documentation... Best regards. -- View this message in context: http://tomcat.10.x6.nabble.com/From-HTTP-to-HTTPS-request-getHeader-referer-tp5024782p5024951.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org