Posted to users@tomcat.apache.org by "Price, Joe" <JP...@CECControls.com> on 2004/11/04 22:20:40 UTC

j_security_check forward, https client -> surrogate squid -> http tomcat

Hello all, I have the following configuration:

Inet client (HTTPS) -> proxy/firewall surrogate server
(squid-2.5.STABLE5) openbsd -> HTTP -> origin server (Apache/1.3.29 -
jakarta-tomcat-4.1.30) openbsd

We have our SSL certs on the squid server and to keep data secure over
the internet, squid passes valid requests inside to our webserver /
application server. Everything works fine if the client is using HTTP.
Everything works fine if the client is using HTTPS _EXCEPT_ if the
application resides within a tomcat authentication realm. The problem is
that once a client authenticates, the j_security_check module forwards them to
an absolute HTTP URL because between the squid proxy and the webserver
everything _IS_ just HTTP. So once they authenticate they end up with
HTTP instead of HTTPS. Granted this is probably the expected behavior
and there is nothing wrong with this except that I need it to be HTTPS
when the request is HTTPS.

My question: where should I fix this problem? Is there some way to make a
relative HTTP 302 redirect from j_security_check (not sure on the
validity of that)? Should I do some manipulation at the squid level (not
sure how)? Pretty much what I need is if the request from the client was
HTTPS I need the redirected page to be HTTPS. All internal requests from
internal clients (non INET) are HTTP and those are all fine. 

Thank you
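
The redirect behaviour described in the message above, as an added example that is not part of the original post: a sketch of the Location-header rewrite a TLS-terminating surrogate can apply so that the post-login 302 keeps the scheme the client used. The host names, the sample URLs and the function name are constructed for illustration, and this is not squid configuration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values (assumptions, not taken from the post).
PUBLIC_HOST = "www.example.com"                      # name the client connects to
BACKEND_HOSTS = {"www.example.com", "origin.internal.example"}


def rewrite_location(location, client_scheme):
    """Return the Location value the surrogate should send to the client."""
    if client_scheme != "https":
        return location        # internal plain-HTTP clients: nothing to fix
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return location        # relative redirect: the browser keeps https
    if parts.scheme != "http":
        return location        # already https, or not a web URL
    if (parts.hostname or "").lower() not in BACKEND_HOSTS:
        return location        # redirect to a third party: leave untouched
    try:
        port = parts.port
    except ValueError:
        return location        # malformed port: do not guess
    if port not in (None, 80):
        return location        # unexpected backend port: no known mapping
    # Same path and query, but the scheme and host the client really used.
    return urlunsplit(("https", PUBLIC_HOST, parts.path, parts.query,
                       parts.fragment))


if __name__ == "__main__":
    # Constructed 302 targets as the origin server would emit them after login.
    samples = [
        "http://www.example.com/app/index.jsp",
        "http://origin.internal.example:80/app/index.jsp;jsessionid=ABC?x=1",
        "/app/index.jsp",
        "http://other.example.net/landing",
    ]
    for loc in samples:
        print(loc, "->", rewrite_location(loc, "https"))
```

Restricting the rewrite to known backend hosts keeps redirects to other sites intact, and leaving HTTP clients alone preserves the internal behaviour the post says already works.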