This week's book giveaway is in the Design forum.
We're giving away four copies of Design for the Mind and have Victor S. Yocco on-line!
See this thread for details.
Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat filters

 
Mark Hughes
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

Ive been doing some research and i discovered that the following code put in a web.xml will force Tomcat to redirect to a https connection for certain wildcard matches, or in the below case all pages in the domain.
My question is though if only a few pages below were added to the filter such as login page and account page, https is invoked when those pages are requested, but then tomcat keeps a https connection from that point on.
Is it possible to also have filters that force tomcat to redirect to a non ssl port for some pages that do not need securing.

So based on the url pattern, Tomcat will redirect to https and then back to http?




Best
Mark Hughes
 
Mark Hughes
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Guys,

Any takers on this?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, that's not possible. But you can do that explicitly in the HTML by using absolute URLs starting with "http:". If you use relative URLs (which do not contain the protocol to use), then it's going to keep using HTTPS.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18098
50
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By the time a web request gets to the Tomcat filter, it's already passed through the network and been decrypted. So a filter can't help.

Don't make the common mistake of thinking that a web session is a continuous conversation that you can switch. The underlying HTTP(S) protocol is strictly atomic, and it's only by generous use of smoke and mirrors that we make webapps appear to have a connection from one press of the Submit button to the next.

Part of that "smoke and mirrors" is the URL that makes the next request. And as Ulf said, you can control the protocol, server, and port by shaping the URL(s) that the server for the previous request sends back in links, resource references and form submit targets.
 
Mark Hughes
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
cool thanks guys, that makes sense.

Best
Mark Hughes
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic