I am developing an application where I want the users to have some protection from the Internet and snooping. I want to force all users to use https://
rather than just http://
so that encryption is used. When a user logs in, I would like to redirect them to an https://
session if needed. JSF seems to take a relative .jsp for the <to-view-id> value. I thought about just setting up a .jsp that would issue a jsp-forward, or an http refresh, but that would require me to hard code the full server url, whereas I would like the page to be relative to my server and only need to change the protocol, so that I can move the .ear file to my test server and production server without having to modify the code. How would I implement a redirection to https://
when the user logs in successfully?