
Declarative Security & SSL

 
Michael Fitzmaurice
Ranch Hand
Posts: 168
Hi all

I have a web app deployed in Tomcat. I would like to declaratively secure the application such that all pages are inaccessible unless the user successfully authenticates. This is easy enough. I would also like to use HTTP form authentication over SSL - this is also easy enough. However, what I would like to do (declaratively) is to use SSL only on the login page. If I do something like this in web.xml:



This means the user cannot access any page without authenticating, but it also means all pages are being served over SSL, which is not necessary for my application. However, I do want to protect the communication of the user's credentials with SSL, hence I want to be able to specify SSL for the login page. Is this possible declaratively, and if so, how?

Thanks

Michael
[ March 02, 2005: Message edited by: Michael Fitzmaurice ]
 
Rich Raposa
Ranch Hand
Posts: 46
I think it's as easy as putting the complete URL to the login page. Something like:

https://www.myhost.com/login.html

This is as opposed to just putting "/login.html" in web.xml.
 
Michael Fitzmaurice
Ranch Hand
Posts: 168
Hi Rich

Thanks for your response - I never thought to try that. Unfortunately, it doesn't seem to work; any path you put in the <form-login-page> element must start with a '/', so absolute URLs are not possible.

Does anyone else have any ideas?

Thanks

Michael
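
An added example, not part of the thread: a small Python check over a constructed web.xml that reports whether the form login page is a context-relative path (the restriction described in the last post) and which URL patterns carry an SSL transport guarantee. The sample descriptor, the role name and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): every URL needs a login and SSL.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def pattern_matches(pattern, path):
    """Simplified url-pattern match: '/prefix/*', '*.ext', default '/', or exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path

def audit(web_xml):
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop XML namespaces, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    login = (root.findtext(".//form-login-page") or "").strip()
    ssl_patterns = []
    for sc in root.iter("security-constraint"):
        guarantee = (sc.findtext(".//transport-guarantee") or "NONE").strip()
        if guarantee in ("CONFIDENTIAL", "INTEGRAL"):   # both imply SSL in practice
            ssl_patterns += [p.text.strip() for p in sc.iter("url-pattern")]
    return {
        "login_page": login,
        "login_page_valid": login.startswith("/"),   # must be context-relative
        "login_over_ssl": any(pattern_matches(p, login) for p in ssl_patterns),
        "ssl_everywhere": "/*" in ssl_patterns,
    }

print(audit(SAMPLE_WEB_XML))
```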
 