ould seem to be an improvement.
It is also used by 'industry professionals' and works perfectly well for me.
Am happy to be corrected if I'm wrong.
p
> Regards,
>
> Justin
>
> Here is an example:
>
>> Date: Wed, 7 Jan 2009 09:35:33 +0100
>> Fro
rs@tomcat.apache.org
> Subject: Re: j_security_check with https
>
> Hi Justin,
>
> On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall wrote:
> >
> > Create a Filter subclass with the sole purpose of having its "doFilter"
> > method call "sendRedirect&quo
played content, (e.g. static or cached
> content), but if you want a secure site you've got to lock it down, from
> top to bottom.
In fact, in regard to the email example: I think I'd rather my email was
private actually, when I consider how many passwords/resets I ge
nt a secure site you've got to lock it down, from
top to bottom.
p
> Hope this helps.
>
> Justin
>
>> Date: Tue, 6 Jan 2009 19:01:24 -0200
>> From: diegogus...@gmail.com
>> To: users@tomcat.apache.org
>> Subject: Re: j_security_check with htt
Hi Justin,
On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall wrote:
>
> Create a Filter subclass with the sole purpose of having its "doFilter"
> method call "sendRedirect" on the HttpServletResponse object. Map this
> Filter to the same URL pattern you use for SSL and make sure to use the
> ta
> From: Justin Randall [mailto:ran...@hotmail.com]
> Subject: RE: j_security_check with https
>
> There is a point of switching back to HTTP after HTTPS. From
> a server load perspective having to perform SSL computations
> for every single HTTP request can be a serious perfor
.
Hope this helps.
Justin
> Date: Tue, 6 Jan 2009 19:01:24 -0200
> From: diegogus...@gmail.com
> To: users@tomcat.apache.org
> Subject: Re: j_security_check with https
>
> this didnt work
>
>
>
>
>
>
My question is how to combine the form based authentication, where we use
"jsecuritycheck" , "jusername" etc with https.
As far as I know if we use form based authentication username and
password will be authenticated by the container managed resource
called 'jsecuritycheck". But the data transfer
Gregor Schneider wrote:
> On Tue, Jan 6, 2009 at 9:13 PM, Diego Armando Gusava
> wrote:
>> no man, example, email
>>
>> when u login, your username and password will be transport https, but
>> after that, you are in http! u dont need https because, you are only
>> reading messages(emails)
>>
>
>
curity_check with https
>>
>> when u login, your username and password will be transport https, but
>> after that, you are in http! u dont need https because, you are only
>> reading messages(emails)
>
> And what does that have to do with the behavior of a servlet contai
> From: Diego Armando Gusava [mailto:diegogus...@gmail.com]
> Subject: Re: j_security_check with https
>
> when u login, your username and password will be transport https, but
> after that, you are in http! u dont need https because, you are only
> reading messages(emails)
On Tue, Jan 6, 2009 at 9:13 PM, Diego Armando Gusava
wrote:
> no man, example, email
>
> when u login, your username and password will be transport https, but
> after that, you are in http! u dont need https because, you are only
> reading messages(emails)
>
Then just phrase your url-pattern in y
Subject: Re: j_security_check with https
>>
>> when i try to access mySecurePath for example, tomcat show me a login
>> page with https but after that i dont need for example be with https,
>> because i only need to send protected username and password.
>>
>> i
> From: Diego Armando Gusava [mailto:diegogus...@gmail.com]
> Subject: Re: j_security_check with https
>
> when i try to access mySecurePath for example, tomcat show me a login
> page with https but after that i dont need for example be with https,
> because i only need to send
"orm Based Authentication has the same lack of security as Basic
Authentication since the user password is transmitted as plain text
and the target
server is not authenticated. Again additional protection can alleviate
some of these
concerns: a secure transport mechanism (HTTPS)."
i want " secure
let me explain
when i try to access mySecurePath for example, tomcat show me a login
page with https but after that i dont need for example be with https,
because i only need to send protected username and password.
i want to only need login.jsp with https!!
2009/1/6 Pid :
> Diego Armando Gusa
Diego Armando Gusava wrote:
> i dont know how to request j_security_check on https!
>
> i attemped http://wiki.apache.org/tomcat/SSLWithFORMFallback but didnt work
I think the above attempts to find an SSL cert, but falls back to FORM
auth. Which isn't perhaps what you want?
>
>
i dont know how to request j_security_check on https!
i attemped http://wiki.apache.org/tomcat/SSLWithFORMFallback but didnt work
/login.do
/login/loginError.jsp
tomcat redirect to Http!
c
18 matches
Mail list logo
