On Apr 12, 2005 1:23 PM, Vanga <Pitchi.Vanga@xxxxxxxxxxxxxxxx> wrote: > This is a J2EE application. Normally the jsp pages, servlets or EJBs are > secured by declaring security constraints. > display.do is one of them. The auth server is a single sign-on server > (which is also a J2EE app server with an apache [......] I understand all that. But you say that the browser eventually bypasses the proxy and goes directly to the back-end. Exactly what is the trigger for the browser to do that? Is it following a link that references the backend server? Is there some funky javascript? Is a redirect being sent pointing at the back-end server? If so, what exactly does the redirect look like. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|