Java Mailing List Archive

Apache Tomcat

Re: yet another SSL question

Dhaval Patel

2007-01-05

Try this:

  <security-constraint>
    <web-resource-collection>
       <web-resource-name>Secure servlet</web-resource-name>
       <url-pattern>/path/to/servlet/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

Regards,
D

--- Jan Strauch <waynel@(protected):

> Hello world!
>
> My problem:
>
> I want some of my servlets to be accessible only when HTTPS is used:
>   https:/<path to servlet> succeeds
>   http:/<path to servlet> gives an error
>
> The first step seems to work, but when I have logged in to the secure area,
> load a page using https, delete the "s" and reload, the page is also loaded.
>
> How do I block the unsecured reload?
>
> I tried some of the hints for JSPs, but they seem not to work with servlets.
>
> My web.xml:
>
> <web-app>
>      <servlet>
>           <servlet-name>myServlet</servlet-name>
>           <servlet-class>myServlet</servlet-class>
>      </servlet>
>         ... more servlets...
>      <servlet-mapping>
>           <servlet-name>myServlet</servlet-name>
>           <url-pattern>path to myServlet</url-pattern>
>      </servlet-mapping>
>      ... more servlets...
> </web-app>
>
> What security-constraints do I need, and where do I have to put them?
>
> Thank you
>
>
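
An added example, not part of the original thread: a small Python check that reads a web.xml and reports, for each servlet mapping, whether a CONFIDENTIAL transport guarantee covers it. The sample descriptor, the reportServlet mapping and the function names are constructed for illustration, and URL matching is simplified to exact and "/prefix/*" patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the reply plus two hypothetical servlet mappings.
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping><servlet-name>myServlet</servlet-name>
    <url-pattern>/path/to/servlet/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>reportServlet</servlet-name>
    <url-pattern>/reports/*</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/path/to/servlet/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def covers(constraint, mapping):
    """Simplified match (assumption): exact, or mapping lies under a '/prefix/*' constraint."""
    if constraint.endswith("/*") and (mapping + "/").startswith(constraint[:-1]):
        return True
    return constraint == mapping

def audit_transport(web_xml):
    """Return {servlet url-pattern: finding} for every servlet-mapping."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop XML namespaces, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    rules = []                                  # (url-pattern, methods) that force HTTPS
    for sc in root.iter("security-constraint"):
        if (sc.findtext("user-data-constraint/transport-guarantee") or "").strip() != "CONFIDENTIAL":
            continue
        for wrc in sc.iter("web-resource-collection"):
            methods = sorted(m.text.strip() for m in wrc.iter("http-method"))
            rules += [(p.text.strip(), methods) for p in wrc.iter("url-pattern")]
    findings = {}
    for p in root.iterfind("servlet-mapping/url-pattern"):
        pat = p.text.strip()
        hits = [m for cp, m in rules if covers(cp, pat)]
        if not hits:
            findings[pat] = "no CONFIDENTIAL constraint: plain HTTP allowed"
        elif all(hits):                         # every matching rule names specific methods
            findings[pat] = "HTTPS only for " + ",".join(sorted(set().union(*hits)))
        else:
            findings[pat] = "HTTPS for all methods"
    return findings
```

A constraint that lists `<http-method>` elements applies only to those methods, which is why the check reports that case separately from a constraint with no method list.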

