In my application it is required that only certain pages need to be secured using SSL so I configured it

security-constraint>
<display-name>Security Settings</display-name>
<web-resource-collection>
    <web-resource-name>SSL Pages</web-resource-name>
    <description/>
    <url-pattern>/*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
    <description>CONFIDENTIAL requires SSL</description>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

and added filter

http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https

but only one hazard is there. I am using it with richFaces. Once it goes to HTTPS its not changing the page—I mean if I perform post action it doesn't actually happen. But if I do it from the local machine's browser it works perfectly, from a remote browser it stucks with HTTPS and not changing after that.

Here is my web.xml's snap:

<filter>
    <filter-name>MyFilter</filter-name>
    <filter-class>MyFilter</filter-class>
    <init-param>
        <param-name>httpPort</param-name>
        <param-value>8080</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected resource</web-resource-name>
        <url-pattern>somePattern</url-pattern>
        <http-method>GET</http-method>
  <http-method>POST</http-method>


    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

and some other filters of richfaces. Problem is strange. If I try to access the web app from local's machine's browser it works fine but in remote machine's browser once it get into HTTP, all the forms of that page aswell as href stops working.(JSF,facelet is used.)