struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject container-managed security and struts
Date Wed, 12 Oct 2005 22:09:51 GMT
Hi All,

I want to stick with container-managed security and I would like to have 
form-based login on servlet 2.4 (tomcat 5), with SSL encryption on the 
login form but then switch back out of SSL for the remainder of the 
session (mostly).

I tried this 18 months ago and if my memory serves me well, in tomcat 5, 
if I switch the request back out of SSL with a redirect or similar, I 
can no longer see the SSL session (and am effectively not logged in 
anymore).

Is there an easy way around this? A javascript encryption routine for 
the password or some trick with ssl-ext?


Adam

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message