Hi all, i am working with tomcat 5.0.18, j2sdk 1.4.2_03 and Win 2000
Professional.

I like to force tomcat work with some pages with htpps, for those tomcat is
configurated conf/web.xml with:

<Connector port="8443"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" debug="0" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="------------------------------------------------"
  keystorePass="-------" />

When I access a jsp page manually with https://localhost:8443/............
works fine.

And my META-INF/web.xml of my application with:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>sescam</web-resource-name>
       <url-pattern>/sescam/Comun/LoginUsuario.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

I think that this security constraint force tomcat to use https even if I
acces to page with http://localhost:8080/sescam/Comun/LoginUsuario.jsp,
redirecting automatically to
https://localhost:8443/sescam/Comun/LoginUsuario.jsp, but it doesn't work
and i can view without problems the page on non https connection.

What is wrong?

Thanks.

Mariano L�pez