In my application it is required that only certain pages need to be secured using SSL so i configured it
security-constraint>
<display-name>Security Settings</display-name>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<description/>
<url-pattern>/*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<description>CONFIDENTIAL requires SSL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
and added filter
http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https
but only one hazard is there.i am using it with richFaces. once it goes to HTTPS its not changing the page i mean if i perform post action it doesnt actually happens. but if i do it from the local bmachine's browser it works perfectly from remote browser it stucks with HTTPS its not changing after that
here is my web.xml's snap
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>MyFilter</filter-class>
<init-param>
<param-name>httpPort</param-name>
<param-value>8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected resource</web-resource-name>
<url-pattern>somePattern</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and some other filters of richfaces.problem is strange.if i try to access the web app from local's machine's browser it works fine but in remote machine's browser once it get into HTTP , all the forms of that page aswell as href stops working.(JSF,facelet is used.)