users@glassfish.java.net

Re: Http and https

From: <glassfish_at_javadesktop.org>
Date: Thu, 09 Jul 2009 06:57:14 PDT

I did a little more research and found this. this is the original post.
[b]
Putting

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

Will ensure that the URL's protected by auth-constraint cannot be accessed using HTTP, it would then cause a redirect and require https..

But if you are already using https then it will work even if you do not specify the above[/b]
[Message sent by forum member 'tannic2k7' (tannic2k7)]

http://forums.java.net/jive/thread.jspa?messageID=354889