> From: Stefan Rainer [mailto:
s.rainer@...]
> Subject: Service available for HTTPS only? (no HTTP)
>
> The service XY can still be called via HTTP (without SSL).
> ==> Does anyone knows a trick to "avoid" calls via HTTP to this
> service?
Read the servlet spec, the contents of which are intentionally *not* duplicated in the Tomcat docs.
Specifically, set a <transport-guarantee> of CONFIDENTIAL in your webapp's WEB-INF/web.xml file. See the servlet spec for exact details.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscribe@...
For additional commands, e-mail:
users-help@...
