-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pablo,

John Doe wrote:
> Thanks a lot by the explanation. Looks like Tomcat (or maybe the
> "Servlet specification"?) needs a mechanism to switch from https to
> http when this access is declared by a <security-constrains> otherwise
> is forcing programmers to always use programmatic security to made this
> switch

It isn't Tomcat's job to guess when you want to go back to http, it's
yours. It isn't very difficult to build a complete URL (including
protocol) for a link. I would imagine that you have very few places in
your application where you need to:

1. Switch from HTTP to HTTPS
and
2. Switch from HTTPS to HTTP

I recommend that you treat those as special cases and hand-code them as
appropriate.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFnQT89CaO5/Lv0PARAgrAAJ9mC1jWsr5rYmD7El+d6OGO3rIJzACeOiN2
D2fSjZ+YlIfUXzaXatPV0Kg=
=mxZ3
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)