Hello,
we have set up an env where IIS forwards jsp/servlet to
tomcat using Jarkata/ISAPI. Everything works fine until receltly new situation arise and we are kind of stuck.
First, say the IIS server IP is 1.2.3.4, and one tomcat instance is installed their too. Virtual host myHost.org is pointing to the ip and using IIS/Jarkata to serve
servlets from application "CatMouse" in tomcat. Now we have a new application "HiddenCatMouse" deployed under the same tomcat. Another virtual host (with https) mySecureHost.org is pointing to the same IP. Our concerns then becomes, how do we do to prevent users from accessing the secured "CatMouse" from un-secured channel? I mean, supposedly user is able to do this "http://myHost.org/CatMouse/catchMouse.do". Now that I have the "hiddenCatMouse" run by the same tomcat, what do I do to prevent user from typing in "http://myHost.org/hiddenCatMouse/catchMouse.do", where "hiddenCatMouse/catchMouse.do" would be available only from "https://mySecureHost.org/hiddenCatMouse/catchMouse.do".?
I hope I have made it clear and I apprciate any comments in advance.
Thanks,
Ben