You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Drinkwater, GJ (Glen)" <G....@dl.ac.uk> on 2002/08/09 15:11:17 UTC
SSL just for a login page
Hi
I have been working with tomcat with a web site. There is a initial login
page which sends the username and password to a servlet that checks them
against a database. I want to have the informatin sent over ssl but then i
want the user to be sent back to a none ssl page for the rest of the
session. With out explicitly calling https:// and http:// within the
redirects (ie i want all locations relative) how do i canfigure tomcat. I
have configured it to the login page is on ssl but when the servlet sends
the user back to a page that page is also ssl.
I have added this to my web.xml file
<security-constraint>
<web-resource-collection>
<web-resource-name>DataPortal</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>DataPortal</web-resource-name>
<url-pattern>/Login.html</url-pattern>
<url-pattern>/servlet/LoginServlet</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Also the second problem when i take off the Login page and off the
CONFIDENTIAL section so a person goes to the login page and then enters the
username and password, the information is sent to the server over ssl but my
LoginServlet code cannot pick out the parameters passed to it???
Can anybosy help me with this
Thanks glen
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>