Hello, I'm not going to bother responding to the many posts that said the solution I mentioned was wrong; instead, I'll just provide the example of how to do it, since it works.
====
..... lines removed .....
package blah;
..... lines removed .....
public final class SomeFilterClass implements Filter {
    ..... lines removed .....
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rsp = (HttpServletResponse) response;
        // Send the browser back to the same URI so that it requests it directly
        rsp.sendRedirect(req.getRequestURI());
        // Then continue down the filter chain
        filterChain.doFilter(request, response);
    }
    ..... lines removed .....
}
=====

And below is what the web.xml looks like:

=====
.... lines removed .....
<filter>
    <filter-name>SomeFilterClass</filter-name>
    <filter-class>blah.SomeFilterClass</filter-class>
</filter>
<filter-mapping>
    <filter-name>SomeFilterClass</filter-name>
    <url-pattern>/ssl/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
..... lines removed .....
<security-constraint>
    <web-resource-collection>
        <web-resource-name>RequiresLogin</web-resource-name>
        <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>somerole</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>RequiresSSL</web-resource-name>
        <url-pattern>/ssl/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>somerole</role-name>
</security-role>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/ssl/login.jsp</form-login-page>
        <form-error-page>/ssl/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>
..... lines removed .....
=====

Of course you'll need to change the login/security constraint URLs and role name to match those in your environment.

For anyone who stated the earlier statements were incorrect, I encourage you to provide another "better" working example. This one works for me and is used by other industry professionals.

Regards,
Justin

Here is an example:

> Date: Wed, 7 Jan 2009 09:35:33 +0100
> From: rc4...@googlemail.com
> To: users@tomcat.apache.org
> Subject: Re: j_security_check with https
>
> Hi Justin,
>
> On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall <ran...@hotmail.com> wrote:
> >
> > Create a Filter subclass with the sole purpose of having its "doFilter"
> > method call "sendRedirect" on the HttpServletResponse object. Map this
> > Filter to the same URL pattern you use for SSL and make sure to use the
> > <dispatcher> tags for FORWARD, INCLUDE, ERROR, and whatever other
> > RequestDispatcher operations you want to ensure use SSL.
> >
>
> You've got any example using this solution?
>
> Gregor
> --
> just because you're paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
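
A variant of the filter described in the message above, as an added example that is not part of the original post or of Tomcat itself: it goes a step further than the posted filter by redirecting only when the dispatched request is not already secure, building the https URL explicitly, keeping the query string, and not continuing the chain after the redirect. The class name `HttpsRedirectFilter` and the `httpsPort` init-param are hypothetical.

```java
package blah;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; the class name and the "httpsPort" init-param are hypothetical.
public final class HttpsRedirectFilter implements Filter {
    private int httpsPort = 443;

    public void init(FilterConfig config) throws ServletException {
        String port = config.getInitParameter("httpsPort");
        if (port != null) {
            try {
                httpsPort = Integer.parseInt(port.trim());
            } catch (NumberFormatException e) {
                throw new ServletException("httpsPort must be a number", e);
            }
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rsp = (HttpServletResponse) response;
        if (req.isSecure()) {          // already on TLS: let the request through
            chain.doFilter(request, response);
            return;
        }
        // getServerName() reflects the Host header; assumption: the connector or a
        // front-end proxy only accepts the expected host names.
        StringBuilder url = new StringBuilder("https://").append(req.getServerName());
        if (httpsPort != 443) url.append(':').append(httpsPort);
        url.append(req.getRequestURI());
        if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
        rsp.sendRedirect(url.toString());
        // Stop here: the response is committed, so the chain is not continued.
    }

    public void destroy() { }
}
```

It is mapped the same way as the filter in the message: a `<filter-mapping>` on `/ssl/*` with the `FORWARD`, `INCLUDE` and `ERROR` dispatchers.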