5 Replies Latest reply on Oct 13, 2008 2:04 PM by Christopher Corbell

    Simple SSL question

    Christopher Corbell Newbie

      I have what may be a naive question about configuring SSL for JBoss/Tomcat...

      Is it possible to have both SSL and unencrypted access available, and have some resources/endpoints available only via SSL?

      One use case for this is an administrator's web interface for a webservice. The webservice methods themselves don't require SSL, but the admin interface should.

      Another use case would be a particular webservice method that we want encrypted (e.g. because it's for remote web clients to authenticate and we don't want the password sent over unencrypted). In this case we might have a login() method that we want to require come via SSL, but once it succeeds a temporary session token's returned that the RIA client can use for requests over unencrypted HTTP.

      Is this possible or is SSL an on-or-off, all-or-nothing option?