Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSL for Login Servlet.

 
L Goundalkar
Ranch Hand
Posts: 395
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
How can I implement SSL only for my application and not for any other application installed on my application server? I am using JRun4.
Is there anyway to implement SSL only for login servlet and not for other requests?
Thanks.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not that I know of, but nothing stops you from writing a servlet filter which examines request.getContextPath(), request.getServletPath() and request.isSecure() and, using this information, makes sure that secure requests only go where you want them to go.
- Peter
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would consider this the responsibility of the web server (not the container) and could be implemented using pattern matching and redirects. ie 'only accept HTTPS for the login servet and not for anything else'
We have quite a different set up and tend to enforce HTTPS via an application context.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks David. Good call. If you front JRun with a "proper" web server then by all means use that.
- Peter
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic