[jboss-user] [Beginners Corner] - Simple SSL question

chriscorbell do-not-reply at jboss.com
Wed Oct 8 17:21:40 EDT 2008

I have what may be a naive question about configuring SSL for JBoss/Tomcat...

Is it possible to have both SSL and unencrypted access available, and have some resources/endpoints available only via SSL?

One use case for this is an administrator's web interface for a webservice.  The webservice methods themselves don't require SSL, but the admin interface should.

Another use case would be a particular webservice method that we want encrypted (e.g. because it's for remote web clients to authenticate and we don't want the password sent over unencrypted).  In this case we might have a login() method that we want to require come via SSL, but once it succeeds a temporary session token's returned that the RIA client can use for requests over unencrypted HTTP.

Is this possible or is SSL an on-or-off, all-or-nothing option?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4181119#4181119

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4181119

More information about the jboss-user mailing list