Use following setting in your web application to enable SSL for certain pages.
For example:
Certain page in the application should be accessible on https, like
SSL:
Non SSL:
This setting can be enabled at application level by specifying appropriate configuration in deployment descriptor file i.e. web.xml.
Open web.xml located inside WEB-INF folder in application. Add following code
url-pattern - here you need specify the url pattern to be considered.
transport-guarantee - value in this tag manages if the mentioned url under url-pattern should be under SSL or Non SSL. if "CONFIDENTIAL" value is specified then it will be secure otherwise non SSL.
For example:
Certain page in the application should be accessible on https, like
SSL:
- https://www.dummy.com/app/login
- https://www.dummy.com/app/payment
Non SSL:
- http://www.dummy.com/app/help
- http://www.dummy.com/app/contact
This setting can be enabled at application level by specifying appropriate configuration in deployment descriptor file i.e. web.xml.
Open web.xml located inside WEB-INF folder in application. Add following code
<security-constraint>
<web-resource-collection>
<web-resource-name>Non SSL</web-resource-name>
<url-pattern>/help</url-pattern>
<url-pattern>/contact</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
url-pattern - here you need specify the url pattern to be considered.
transport-guarantee - value in this tag manages if the mentioned url under url-pattern should be under SSL or Non SSL. if "CONFIDENTIAL" value is specified then it will be secure otherwise non SSL.
No comments:
Post a Comment