may be the external component could add the header for you, what are you using?
Thanks for responding to my question. I will try to find some info about the external component that provides SSL to our application.Your suggestion was one approach that we were considering for resolving this issue. Before taking that approach, I would like to know if the programming approach as mentioned above is incorrect.
1 of 1 people found this helpful
the HttpOnly is discussed in https://community.jboss.org/message/761627
for the isSecure() the trick is to configure the connector so that AS thinks it is secured
secure="true" in the connector configuration.
Thanks for your pointers. I will try the suggestions in the referenced thread.
Did you resolve your issue, Got same thing can you help me out?