0 Replies Latest reply on Mar 6, 2013 7:26 AM by blind_sword

    [SSL] Adding security constraint to web.xml to exclude resources

    blind_sword

      Hello guys,

      I have a JEE6 web application [JSF2] under JBoss 6.0.0 Final on Eclipse. I have installed SSL and everything works fine. Then I wanted to exclude some resources from being forced to use SSL.

      I added the following to web.xml:

      <security-constraint>
          <web-resource-collection>
              <web-resource-name>unsecuredapp</web-resource-name>
              <url-pattern>/appname/folder1/index.jsf</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      </security-constraint>

      <security-constraint>
          <web-resource-collection>
              <web-resource-name>securedapp</web-resource-name>
              <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
      </security-constraint>

      Now that I have made the exception for the URL above, I don't know why I still can't access the URL: http://localhost:8080/appname/folder1/index.jsf

      It becomes accessible when I change it to: https://localhost:8443/appname/folder1/index.jsf , which means that it is still forced to use SSL.

      Please give me advice or anything that could help resolve this. Thanks in advance.


      -Kacem
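
Added example, not part of the original post: a small Python check that applies the Servlet best-match rule for `url-pattern` (exact, then longest path prefix, then extension, then default) to the two constraints above. Patterns are matched against the request path with the context path removed, so the first pattern never matches and the request falls under `/*`. Assumptions: the application is deployed under the context path `/appname`, as the URLs in the post suggest; the function names and the namespace-free `WEB_XML` sample are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, namespace-free copy of the two constraints from the post.
# Assumption: the app is deployed at context path /appname (from the post's URLs).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>unsecuredapp</web-resource-name>
      <url-pattern>/appname/folder1/index.jsf</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>securedapp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return [(url_pattern, transport_guarantee), ...] from a web.xml string."""
    out = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        out += [(p.text.strip(), tg) for p in sc.iter("url-pattern")]
    return out

def rank(pattern, path):
    """Servlet best-match order: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def transport_for(request_uri, context_path, constraints):
    """Transport guarantee of the best-matching pattern for a full request URI."""
    path = request_uri[len(context_path):]  # patterns never include the context path
    hits = [(rank(p, path), tg) for p, tg in constraints if rank(p, path) is not None]
    return max(hits)[1] if hits else "NONE"
```

Given a constraint list whose first pattern is `/folder1/index.jsf` instead, the same check returns `NONE` for that request while every other path under the application stays `CONFIDENTIAL`.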