i have added this security constraint to my web.xml in weblogic8.1. after login also it's going as Https. how i can change it to Http once user authenticated.
<security-constraint>
<display-name>RAPID Security Constraints</display-name>
<web-resource-collection>
<web-resource-name>General Web Access</web-resource-name>
<description>Protect any resources within the following page flow</description>
<url-pattern>/login/*</url-pattern>
<url-pattern>/magicMove/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access the web resources above</description>
<role-name>Administrator</role-name>
<role-name>
test</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted.</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Login Page</display-name>
<web-resource-collection>
<web-resource-name>Login Access</web-resource-name>
<url-pattern>/login/login.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/login.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- END -->
<security-role>
<description>An administrator</description>
<role-name>Administrator</role-name>
</security-role>
<security-role>
<description>Test account</description>
<role-name>test</role-name>
</security-role>
please post your view here or send to my id
[email protected] in advance.
regards,
Raja