struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject container-managed security and struts
Date Wed, 12 Oct 2005 22:09:51 GMT
Hi All,

I want to stick with container-managed security and I would like to have 
form-based login on servlet 2.4 (tomcat 5), with SSL encryption on the 
login form but then switch back out of SSL for the remainder of the 
session (mostly).

I tried this 18 months ago and if my memory serves me well, in tomcat 5, 
if I switch the request back out of SSL with a redirect or similar, I 
can no longer see the SSL session (and am effectively not logged in 

Is there an easy way around this? A javascript encryption routine for 
the password or some trick with ssl-ext?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message