Chris,

  Of course that is not a Tomcat's job, but if exists a redirection
from http to https I wonder why does not exists a reverse way in the
"declarative security" mechanism provided by the servlet
specification.

  But like you point, there are not so many places where a
programmer must resolve this kind of situations.

Cheers!

- Pablo

On 1/4/07, Christopher Schultz <chris@(protected):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Pablo,
>
> John Doe wrote:
> > Thanks a lot by the explanation. Looks like Tomcat (or maybe the
> > "Servlet specification"?) needs a mechanism to switch from https to
> > http when this access is declared by a <security-constrains> otherwise
> > is forcing programmers to always use programmatic security to made this
> > switch
>
> It isn't Tomcat's job to guess when you want to go back to http, it's
> yours. It isn't very difficult to build a complete URL (including
> protocol) for a link. I would imagine that you have very few places in
> your application where you need to:
>
> 1. Switch from HTTP to HTTPS
> and
> 2. Switch from HTTPS to HTTP
>
> I recommend that you treat those as special cases and hand-code them as
> appropriate.
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFnQT89CaO5/Lv0PARAgrAAJ9mC1jWsr5rYmD7El+d6OGO3rIJzACeOiN2
> D2fSjZ+YlIfUXzaXatPV0Kg=
> =mxZ3
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)