I am using JBoss 4.2. And I'd like a certain URL pattern to be visited through HTTPS. I used self-certificated keystore file,and the problem is: once the HTTPS url is visited, all others urls in the site are all go through HTTPS, what's the problem?
updated: I found out the problem. I used relative path to references to the resources, so once the url change to HTTPS, all the subsequent links are all started with HTTPS, so do I have to use absolute path in HTTPS web pages?
My configuration is like this: in web.xml :
<security-constraint>
<web-resource-collection>
<web-resource-name>artists.jsp</web-resource-name>
<url-pattern>/artists.*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
in server.xml :
<Connector port="8443"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="changeit"
sslProtocol = "TLS" />