web.xml security-constraint is not returning back to http from https

Question

I following the procedure as told in this link Use HTTPS only for certain pages in servlet based webapp. My webpage is normally on http, but when i click on login page it goes to https. This is all fine. But i when i successfully login and the page goes back to regular home page for example the https still remains. It does not go back to http. Please help.

Added web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        id="WebApp_ID" version="2.5">
        <display-name>Welcome</display-name>
        <servlet>
                <servlet-name>dispatcher</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
                <servlet-name>dispatcher</servlet-name>
                <url-pattern>*.htm</url-pattern>
        </servlet-mapping>

        <servlet-mapping>
                <servlet-name>jsp</servlet-name>
                <url-pattern>*.jsp</url-pattern>
        </servlet-mapping>

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>https</web-resource-name>
                        <url-pattern>/signin.htm</url-pattern>
                        <url-pattern>/login.htm</url-pattern>
                        <url-pattern>/shownewuser.htm</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
        </security-constraint>

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>http</web-resource-name>
                        <url-pattern>*.htm</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
    <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                    /WEB-INF/dispatcher-servlet.xml,
                    /WEB-INF/spring-security.xml
            </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>



    <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

Answer 1

I resolved this by using Spring Security. For those who want to try here is what i did.

Completely remove security-constraint from web.xml. In the Spring Security configuration include the following

<http auto-config="true">
    <intercept-url pattern="/signin.htm" access="ROLE_USER" requires-channel="https"/>
    <intercept-url pattern="/login.htm"  requires-channel="https"/>
    <intercept-url pattern="/home.htm"  requires-channel="http"/>

    <session-management session-fixation-protection="none">
    </session-management>
    <remember-me />
        <port-mappings>
              <port-mapping http="8080" https="8443"/>
            </port-mappings>
</http>

Once i setup this then i am able to use https just for login and once login is done it automatically goes back to http