You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by is_maximum <mn...@gmail.com> on 2007/08/01 10:06:29 UTC

RE: how to setting up SSL for a specific page

Caldarale, Charles R wrote:
> 
> Read section 12 of the servlet spec.  Use a <url-pattern> in conjunction
> with the <transport-guarantee> that covers only the login page.
> 
>  - Chuck

Thank you Charles, 
I've read the servlet spec, but my problem is I specified /login.jsp as
url-pattern in deployment descriptor and before the user reach that page
everything is normal but when the page is going to display the http will
change to https and it's right. the problem is after login every page is
secure as well, and even if I remove the "s" from https it won't work.

I need only login page to be secured not all the pages after that

-- 
View this message in context: http://www.nabble.com/how-to-setting-up-SSL-for-a-specific-page-tf4135638.html#a11941375
Sent from the Tomcat - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: how to setting up SSL for a specific page

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.

> From: is_maximum [mailto:mnrz57@gmail.com] 
> Subject: RE: how to setting up SSL for a specific page
> 
> I need only login page to be secured not all the pages after that

This is a harder problem, since switching back to HTTP after
authenticating via HTTPS opens a security hole.  However, you may be
able to use this with good effect:
http://securityfilter.sourceforge.net/

For background, take a look at these threads:
http://marc.info/?l=tomcat-user&m=118313590123430&w=2
http://marc.info/?l=tomcat-user&m=117515290507605&w=2
http://marc.info/?l=tomcat-user&m=117010975112868&w=2


 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org