is it possible to tell a portal page that it can only be viewed in ssl (i.e. https) mode via a security constraint?
e.g.
<security-constraint>
<policy-permission>
<role-name>Admin</role-name>
<action-name>view</action-name>
</policy-permission>
</security-constraint>
would force the user to log in and only a member of the group Admin can view the page. this works for me.
what i would need now ist something that forces the user/browser to use a https connection, but without forcing a login:
<security-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and this should be valid for a portal page