I have set up SSL in Tomcat 5.5 and have the following in my web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL URLs</web-resource-name>
        <url-pattern>/j_spring_security_check</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
which works fine when I submit the login form that has the action URL 'j_spring_security_check', but then when I navigate to any other URL in the app, the app is stuck using the SSL port with https in the URL.
How can I only use HTTPS for some URLs but make the application revert to plain HTTP for other URLs?