Hi Rohiini,
Can you tell us what you specified as the url-pattern while specifying
the security-constraint? Why don't you send us the XML snippet for the
entire security-constraint element, so that we have all the information
that we need to figure out what's going on.
Here is an example that works for me:
<security-constraint>
<display-name>Constraint2</display-name>
<web-resource-collection>
<web-resource-name>Resource2</web-resource-name>
<description/>
<url-pattern>/logon/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/logon/logon.jsp</form-login-page>
<form-error-page>/logon/logonError.jsp</form-error-page>
</form-login-config>
</login-config>
Thanks,
Sahoo
Rohiini N wrote:
>
>
> hi
>
> I am trying to implement form based login in ee5 + glassfish. I need
> the login page alone to run in https and then later switch back to
> http.but when i specify
>
> < user- data- constraint>
> <transport-guarantee> CONFIDENTIAL</transport-guarantee>
> </ user- data- constraint>
>
> in web.xml for only the login page , it doesn't work . It still
> applies it for the whole application.
> Thanks in advance.
>
> Thanks,
> Rohiini N
> Tata Consultancy Services
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
>