Reverting from HTTPS to HTTP
Right now I am using HTTPS for a secure login by configuring in JBOSS4.04 RC1 with bundled Tomcat:
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/faces/SecureLogin.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ROLE_ADMIN</role-name>
<role-name>ROLE_USER</role-name>
<role-name>ROLE_MODERATOR</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
[code]
Along with the settings in server.xmlthis works fine. The app switches to https protocol and port 8443 (instead of 8080) when you reach that page and allows you to login encrypted.
But it stays that way, navigation after logging in keeps being secure. I want to revert back to http obviously.
Marking pages after that with a data cnstraint NONE does notdo anything.
It occurred to me that it's possible to change that by hard-coding a link to HTTP but that's dirty design.
Any ideas? Thanks.[code]
