SSL question java web application

Question

I configure my web application to use SSL using my own self signed certificate. Everything is working fine but here my whole site is https now as i used :-

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

However, i only want my login page to use SSL and not complete site. What changes do i need to make in my application?

Thanks in advance :)

Check out my answer to this question, http://stackoverflow.com/questions/1840211/setup-ssl-for-form-login-only-on-tomcat-webapp/1840398#1840398 — ZZ Coder, May 23 '10 at 11:44

Bozho · Accepted Answer · 2010-05-23T13:32:44.483

1

let all links be regular
let the link to the login page be https://...
on the login page make sure all links are http://

For example:

<a href="https://<%= request.getServerName() %>/login.jsp">

(you many need to also include request.getServletContext().getContextPath() as well)

edited May 23 '10 at 13:32

answered May 23 '10 at 06:50

Bozho

588,226
146
1,060
1,140

Hi Bozho! You mean i should hardcode everything like http://localhost/common/abc.jsf? rather than /common/abc.jsf? – TCM May 23 '10 at 11:05
not hardcode. Use it dynamically, via `request` - it holds all the data - the server, the url, the context – Bozho May 23 '10 at 13:27
Hi Bozho, the solution you posted is not working. When i change from https to http the login fails and i get this exception as i am using jdbcRealm :- INFO: JACC Policy Provider: Failed Permission Check, context(Blogger/Blogger)- permission((javax.security.jacc.WebUserDataPermission /Login/index.jsf GET)) – TCM May 26 '10 at 15:47
probably the sessionid is changing that's why this problem is coming – TCM May 26 '10 at 15:48
I've implemented https login in exactly the same way. So perhaps there is something other than this. – Bozho May 26 '10 at 16:19
Hi Bozho, see this link, i have done it this way :- http://stackoverflow.com/questions/2914751/why-does-this-redirect-not-work-java-ssl – TCM May 26 '10 at 17:00
the first time i do login i get the above exception and the 2nd time i do login :p i go inside members area but with https instead of http. Please help me :( – TCM May 26 '10 at 17:01
Shall i post my whole web.xml here? – TCM May 26 '10 at 17:03
Hi Bozho, i would to add that if i keep simple on my login page and click there then http works fine. But when i am programmatically redirecting using http it doesn't work. – TCM May 26 '10 at 18:19

SSL question java web application

1 Answers1