I'm using JSF on GlassFish for a web application.
Q1: If I setup web.xml to use SSL for the login page using HTTP POST, the following happens: the page is loaded normally, using HTTP; when pressing the Submit button the page is reloaded, this time using HTTPS; pressing the Submit button the second time, it does what is supposed to do (verify password, go to the user home page etc.) Why? And how to overcome this ?
Note that if I specify both GET and POST for this page, the page is loaded with HTTPS directly, and pressing Submit just once is enough (as it should).
Q2: After a successful login, the user is redirected to the home page, which is [b]not[/b] listed in web.xml as CONFIDENTIAL; however, the browser stays in HTTPS. How do I convince it to go back to HTTP ?
Cheers,
Memo
[Message sent by forum member 'memox26' (memox26)]
http://forums.java.net/jive/thread.jspa?messageID=327870