My tomcat application (running on a linux host) has 2 types of clients. Local clients coming on localhost (127.0.0.1) and external clients coming on external interfaces. I want to enforce use of SSL only for external clients. How do I do that? If I use <security-constraint> I am assuming it will apply to both local as well as external clients.
-Ajay
