How to configure Tomcat to redirect to login form via HTTPS
843811Apr 2 2002 — edited May 17 2002I'm using Tomcat's role based authentication scheme for security of my web application. It all works well, however now I want to specify that the login page be served to the client via HTTPS. Originally, I had planned to have apache (sitting in front of tomcat) do all the SSL. But now that I'm actually trying to implement this I find I'm fairly confused.
I had hoped I could just specify the protocol in the form-login-config element of web.xml. But the spec says the path of this data element must begin with a / and is interpretated relative to the root of the war. So now I seem to be stuck. Is my only recourse to have apache rewrite the url Tomcat redirects to for login?
I'm pretty sure that an automatic redirect to a secure page prompts the client with a warning. I'd like to avoid that.
Anyone do this?