This is not exactly a JBoss/EJB question so it finds little response here. Protection of the resource would be better covered in a Servlet/JSP forum or tutorial rather than the JBoss forums.
However, you need to ensure that the HTTP connector is configured to perform the redirect for a protected resource. This would be achieved by defining that for Tomcat by adding the fragment in the Tomcat jboss-service.xml:
You would then need to define the protection as per security constraints in the web.xml for your web application:
<security-constraint> <web-resource-collection> <web-resource-name>Logins</web-resource-name> <url-pattern>/Login</url-pattern> <url-pattern>/login.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
A tutorial on security constraints would better explain this but essentially, any references to /Login or /login.jsp within the context of the web application will be forced to the redirect port specified in the Tomcat HTTP connector definition.
Sorry for the poor formatting - the new forum software seems a little defective in a few places such as formatting, searches, member profile views and posts tracking.
Hope this information helps.
I'm not sure where to put the redirectPort="8443"
Shouldn't I put 8443?
The formatting seems to be off, I meant
yes... u have to set the redirection as i wrote above also i made the url pattern /*
the javadoc @ www.mortbay.org clued me into the xml tag. thanks jon
Glad you got it sorted. Just to clarify on your previous question on the redirect entry and its location (in case others didn't quite follow what went on):
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" address="" port="8080" minProcessors="5" maxProcessors="100" redirectPort="8443" enableLookups="true" acceptCount="10" debug="0" connectionTimeout="20000" useURIValidationHack="false"/>
This is added to the Tomcat HTTP Connector definition in jboss-service.xml.
For Jetty, the jboss-service.xml entry for the HTTP listener would look like this:
<Call name="addListener"> <Arg> <New class="org.mortbay.http.SocketChannelListener"> <Set name="Port"><SystemProperty name="jetty.port" default="8080"/></Set> <Set name="MinThreads">5</Set> <Set name="MaxThreads">100</Set> <Set name="MaxIdleTimeMs">30000</Set> <Set name="LowResourcePersistTimeMs">5000</Set> <Set name="confidentialPort">8443</Set> </New> </Arg> </Call>
Note that Jetty uses confidentialPort instead.