How do I force JSP page references to use the HTTPS rather than HTTP protocol? It seems that using <jsp:forward .../>, for instance, prohibits me from specifying the https:// protocol explicitly in the reference (e.g., <jsp:forward page="https://..."/> is not allowed).

Edward Chaltry

This question may have two answers. Regarding the <jsp:forward.../> tag, this does not really involve HTTP at all. It simply passes control from one JSP (servlet) to another, never leaving the server. (Behind the scenes I think it is calling the RequestDispatcher.forward() method.)

As far as using HTTPS rather than HTTP for JSP references, this it typically handled by the web server being used in "front" of the servlet container your JSP is running in. If the http server has encryption enabled, all JSP (as well as HTML, images, etc) requests made to that server will be encrypted to/from the user's browser. There doesn't really need to be anything done by the JSP. The exception to this would be any absolute HTML links in the JSP file (note that relative and server-relative links are ok).