Code Comments
Programming Forum and web based access to our favorite programming groups.
How to use HTTPS in login page, and HTTP in following pages.Dar All, I tried to set up a Form-Based login process with JDBC Realm. It is not secure enough. It is better to use a secure transport such as HTTPS (https://hostname:8443/application/p...Login/login.jsp) . Once login, I want to use HTTP to save some overhead. I have tried to put a switching link with absolute URL (http://hostname:8080/application/unprotected/other.jsp). It won't work. The session changes as the protocol changes. How could it be done. Any article on the web showing this? Pleas help. Regards, Anthony
Post Follow-up to this message
Re: How to use HTTPS in login page, and HTTP in following pages.Anthony Pong wrote: > Once login, I want to use HTTP to save some overhead. I have tried to > put a switching link with absolute URL > (http://hostname:8080/application/unprotected/other.jsp). It won't > work. The session changes as the protocol changes. > > How could it be done. Any article on the web showing this? Pleas help. > Regards, Can the SSO functionality of Tomcat be of use? http://jakarta.apache.org/tomcat/to...gn%20O n -- Øyvind Matheson Wergeland Just Another Virtual Applicati on Senior System Developer Manamind AS Creating the Corporate Information Feed [tm]
Post Follow-up to this message Re: How to use HTTPS in login page, and HTTP in following pages.SSO is new to me and need some time to read through the pages. Thanks Wergel and. Anthony
Post Follow-up to this message Re: How to use HTTPS in login page, and HTTP in following pages.Anthony Pong <ponganthony@yahoo.com> wrote: > I tried to set up a Form-Based login process with JDBC Realm. It is > not secure enough. It is better to use a secure transport such as > HTTPS (https://hostname:8443/application/p...Login/login.jsp) . > > Once login, I want to use HTTP to save some overhead. I have tried to > put a switching link with absolute URL > (http://hostname:8080/application/unprotected/other.jsp). It won't > work. The session changes as the protocol changes. > > How could it be done. Any article on the web showing this? Pleas help. > Regards, The resource constraints in web.xml that define the roles required to access a certain resource collection (read: URL's) can also prescribe transport constraints. These tell the application server that that data must be protected from tampering or also from prying eyes. In practice, both mean that the application server will use HTTPS instead of HTTP. Is this sufficient? -- Oscar Kind http://home.hccnet.nl/okind/ Software Developer for contact information, see website PGP Key fingerprint: 91F3 6C72 F465 5E98 C246 61D9 2C32 8E24 097B B4E2
Post Follow-up to this message Re: How to use HTTPS in login page, and HTTP in following pages.I think it is in the right direction. I found something on jguru that the SSL connector would redirectPort to say 8443: <security-constraint> <web-resource-collection> <web-resource-name>Security page </web-resource-name> <url-pattern>/web/login/signup.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> Difficult to say if your clue is enough for me or not. I may need some hours to try out the codes. Thanks Oscar Kind! Anthony
Post Follow-up to this message
Sponsored Links
Show a Printable Version
Email This Page to Someone!
Receive updates to this thread
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
