users@glassfish.java.net

Re: Need Help with Transport Security (SSL)

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 30 Sep 2009 07:25:51 +0530

url-pattern specified is /login/* but you are expecting redirection for
just /login. Try changing the url-pattern to /login


glassfish_at_javadesktop.org wrote:
> Hi,
>
> I have added the following statements to my web.xml:
>
> <security-constraint>
> <display-name>SSL</display-name>
> <web-resource-collection>
> <web-resource-name>SSL</web-resource-name>
> <description/>
> <url-pattern>/login/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>HEAD</http-method>
> <http-method>PUT</http-method>
> <http-method>OPTIONS</http-method>
> <http-method>TRACE</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <user-data-constraint>
> <description/>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> Here is my link to the login site (fade):
>
> http://server.domain.com:8080/login when the user click the login link in the home page.
>
> The problem is it doesn't automatic forward to https://server.domain.com:8181/login instead it's still stay at http://server.domain.com:8080/login
>
> Is this normal? I don't use any security realm for authentication. The login page is a custom page. I've created a sample application with no authentication page (blank page) and it works fine.
>
> I'm using glassfish V2 and java 1.6. Any help would be appreciated. Thanks!
>
> Regards,
>
> Johnny
> [Message sent by forum member 'tanww888' (tanww888_at_yahoo.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=366236
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>