You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by August Detlefsen <au...@yahoo.com> on 2005/05/26 02:04:29 UTC
Force Non-SSL
In my webapp I force clients to use SSL encryption for logins with a
security constraint and transport-guarantee elements like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
However, once a user hits the login page, every subsequent page also
uses https. Is there a way to force them back to regular http once they
leave the login section?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Force Non-SSL
Posted by Tim Funk <fu...@joedog.org>.
no
-Tim
August Detlefsen wrote:
> In my webapp I force clients to use SSL encryption for logins with a
> security constraint and transport-guarantee elements like this:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Login</web-resource-name>
> <url-pattern>/login/*</url-pattern>
> </web-resource-collection>
>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> However, once a user hits the login page, every subsequent page also
> uses https. Is there a way to force them back to regular http once they
> leave the login section?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org