Hi,

My problem is that I can't redirect back to HTTP from HTTPS. I've configured successfully JBoss2.4.4-Tomcat4.0.1 to open two ports 80 and 443 for HTTP and HTTPS respectively. Specifically, I have generated a keystore and have the following in my jboss.jcml





keystore
changeit


...


80
443










<!-- SSL/TLS Connector configuration -->








Everything works well. In my web.xml file, I add the following

<security-constraint>
<web-resource-collection>
<web-resource-name>Index page</web-resource-name>
Declarative security tests
<url-pattern>/index.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
<user-data-constraint>
None security
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Login page</web-resource-name>
Declarative security tests
<url-pattern>/login.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
Security connection for login page
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>

When I first open index.jsp page using a browser, web server forward me to login.jsp page, and at this page, it automatically redirects from HTTP to HTTPS, and after I logged in successfully, I reach index.jsp page, but here, browser still uses HTTPS. Where are my configuration mistakes ? Or is there any way for it to redirect back to HTTP from HTTPS?

Thanks
Quan