permaculture playing cards
The moose likes Servlets and the fly likes Switching from HTTPS back to HTTP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Switching from HTTPS back to HTTP" Watch "Switching from HTTPS back to HTTP" New topic

Switching from HTTPS back to HTTP

Michael Remijan
Ranch Hand

Joined: May 29, 2002
Posts: 128

Using security constraints in the web.xml, I know how to automatically swtich from HTTP to HTTPS if a user goes to a resource in a non-secure way which needs to be secure. An obvious example of this is a user login page. See the snippet from web.xml below. This snippet will automatically redirect the browser to HTTPS for any resources in /admin/public/*

Now, however, after the user is logged in I want to switch out of HTTPS and back to regular old HTTP. I tried putting in a new security constraint with transport-guarantee = NONE but this didn't work. Any suggestions?

Java EE Evangelist — Author, EJB 3 in Action 2nd Edition — Java Community Process Member
Alessandro Ilardo
Ranch Hand

Joined: Dec 23, 2005
Posts: 218
have look:

trying to decode a woman mind....
I agree. Here's the link:
subject: Switching from HTTPS back to HTTP
It's not a secret anymore!