3 Replies Latest reply on Apr 25, 2006 8:42 PM by Andreas Berger

    Redirect to HTTPS

    Neil Lane Newbie

      Hi

      I am trying to modify the seam-booking app to redirect to https when the user logs in.

      What I would like is for the user to enter the site using http and after entering their username and password and clicking on the *account login* button, the site *goes secure*.

      I have tried to redirect to the home page and use a ?param in the URL, but have had no success.

      Please can you give me a pointer as to how this could be achieved

      Neil

        • 1. Re: Redirect to HTTPS
          Andreas Berger Newbie

          try to put this in your wen.xml and set the <url-pattern>/*</url-pattern> to your secured site

          <security-constraint>
           <web-resource-collection>
           <web-resource-name>SSL Pages</web-resource-name>
           <url-pattern>/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>PUT</http-method>
           <http-method>POST</http-method>
           </web-resource-collection>
           <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
           </user-data-constraint>
           </security-constraint>


          you have to enable the SSL in your tomcat as well.

          - Andreas

          • 2. Re: Redirect to HTTPS
            Per Wiklander Newbie

            Not being the original poster I can't be sure of what he wanted, but what I think he wanted (and would like to do myself) is to access the exact same pages as before login (plus those that the user now has access to, of course) but through https. So there isn't really a specific url-pattern to use here. What I want to do is basically just insert an 's' into the URL.

            • 3. Re: Redirect to HTTPS
              Andreas Berger Newbie

              Why you want the site unsecure before login and secure after login? I think the easiest way is to make a page commonly secure or not (if private information is entered the page should be secure in general)