|
I think you have missed my point. What you do is forget about doing anything in https from tomcat. From tomcat every thing is in the clear. You install Apache in front of Tomcat so that Apache passes request through to Tomcat. Now from Apache it is easy to setup certain URL's to be https and other to not be https. This way from within Tomcat every thing is on the same session. Apache handles the switching which is what it is good at (and a bunch of other stuff too).
|