Hi, How can I implement SSL only for my application and not for any other application installed on my application server? I am using JRun4. Is there anyway to implement SSL only for login servlet and not for other requests? Thanks.
Not that I know of, but nothing stops you from writing a servlet filter which examines request.getContextPath(), request.getServletPath() and request.isSecure() and, using this information, makes sure that secure requests only go where you want them to go. - Peter
I would consider this the responsibility of the web server (not the container) and could be implemented using pattern matching and redirects. ie 'only accept HTTPS for the login servet and not for anything else' We have quite a different set up and tend to enforce HTTPS via an application context.
Peter den Haan
Joined: Apr 20, 2000
Thanks David. Good call. If you front JRun with a "proper" web server then by all means use that. - Peter