> I'm using JSF on GlassFish for a web application.
>
> Q1: If I setup web.xml to use SSL for the login page
> using HTTP POST, the following happens: the page is
> loaded normally, using HTTP; when pressing the Submit
> button the page is reloaded, this time using HTTPS;
> pressing the Submit button the second time, it does
> what is supposed to do (verify password, go to the
> user home page etc.) Why? And how to overcome this ?
> Note that if I specify both GET and POST for this
> page, the page is loaded with HTTPS directly, and
> pressing Submit just once is enough (as it should).
>
Can you post your web.xml. I would like to reproduce this and see.
> Q2: After a successful login, the user is redirected
> to the home page, which is [b]not[/b] listed in
> web.xml as CONFIDENTIAL; however, the browser stays
> in HTTPS. How do I convince it to go back to HTTP ?
>
This is not possible today. But why do you want to do that. What in your opinion should happen to the SSL session that was established after authentication ?.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=328124