How do I remove HTTPS after login in ? I have read other posts. I still need
this thread as it has to do with JAAS on tomcat. Please read on. For the
hasty, jump to 9 onwards.

My UI stack is as follows :
* JSF 1.2, Facelets, Richfaces 3.2.1
* Tomcat 6

0. Relevant web.xml entries
                <display-name>User Login Page</display-name>
                        <web-resource-name>Login Resource</web-resource-name>

0.1 Login page :

                <rich:panel id="loginPanel">
                <f:facet name="header">Login Panel</f:facet>
                        <form method="post" action="j_security_check ">
                                                <td>User Id</td>
                                                <td><input type="text" 
name="j_username" /></td>
                                                <td><input type="password" 
name="j_password" /></td>                                            
                                                <td align="center">
                                                        <input type="submit" 
value="Login"  />

1. SSL Enabled Login page
2. Rest are non SSL-pages
3. JAAS Configured with some page requiring login (therefore fwd to SSL)
4. Homepage has 'Login' hyperlink -- which points to

Simple Login Usercase
5. User clicks on 'Login' hyperlink

6. Tomcat CMA intercepts and takes user to /pages/login/login.jsf 
   but URL shows

7. User keys in credentials and login is successful

8. Userhomepage.jsf http response is generated and shown on browser BUT URL
is still


9. HTTPS should not be show from 8 onwards. How do I remove it ?


10. I know that HTTPS has to be programattically removed. But between
    7 and 8, How do I do it ? 
    a) Where do I put a URL rewrite filter code ? It won't even be invoked..
    b) How can I do it programmatically when the redirection is being 
       done by Tomcat ?

On a side note (question on JAAS configured on Tomcat )

11. Why do I have to declare '/pages/secure/*' with 
12. Why isn't there a way to just forward to login.jsf which forwards to
j_security_check ?

13. Is there a way to make Tomcat container aware of a JAASubject
    What I would really like is a Richfaces modal panel for a login ?
Such a simple use case has become really complicated. Instead of
across presentation layers, it's ties you down to a one mechanism.
Very frustrating.

Thank you ! 
View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to