Hi everybody

I want to force my page login via SSL, and i did it with:

<security-constraint>
  <web-resource-collection>
   <web-resource-name>SSL</web-resource-name>
   <url-pattern>/Comun/LoginUsuario.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

but when i want validate an user i like to force rest of pages via NON SSL,
i have tried it with other <security-constraint>:

<security-constraint>
  <web-resource-collection>
   <web-resource-name>Aplicacion de IGeSan</web-resource-name>
   <url-pattern>/IGeSan/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

But when i do the "response.sendRedirect(user.getAppPage());" always do it
in SSL mode.

Any ideas.

Thanks

Mariano Lopez


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)