Enabled SSL, but how to prevent "HTTP:`\\xxxx"

Eskil Lind
Greenhorn

Joined: Apr 05, 2003
Posts: 11
Hello.
We have implemented SSL on IBM Http-server and WebSphere application server.
When we use "HTTPS:\\xxxxx" everything looks fine and we can see that the
certificate is used, the lock-icon on the browser and so on.
The problem is that we can still link to the application with "HTTP:\\xxxx" (unsecured).
How can we prevent this access?
actions on the web-server?
actions on the application server?
actions on the deployment description?
[ September 30, 2003: Message edited by: Eskil Lind ]
norman richards
Author
Ranch Hand

Joined: Jul 21, 2003
Posts: 367
Try looking at the transport-guarantee option on security-constraint in your web.xml...
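
The setting suggested in the reply above, shown as a web.xml fragment (an added example, not part of the original thread; the resource name and the `/*` pattern are assumptions that apply the constraint to the whole application):

```xml
<!-- Fragment of WEB-INF/web.xml, placed inside the <web-app> element. -->
<security-constraint>
  <web-resource-collection>
    <!-- Assumed label; any descriptive name works. -->
    <web-resource-name>Entire application</web-resource-name>
    <!-- Assumed pattern: covers every URL of the application.
         No <http-method> is listed, so all HTTP methods are covered. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- No <auth-constraint>: this constraint does not require a login,
       it only sets the transport requirement. -->
  <user-data-constraint>
    <!-- CONFIDENTIAL requires an encrypted transport (SSL/TLS).
         NONE, or leaving out <user-data-constraint>, leaves plain
         HTTP access allowed. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this in place the container does not serve a matching request that arrives over plain HTTP; containers typically redirect it to the HTTPS port instead.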
Eskil Lind
Greenhorn

Joined: Apr 05, 2003
Posts: 11
Seems like I can solve this by editing the "Virtual host"-setting in WebSphere Application Server. I tried to set the only valid Virtual host to be "*:443". 443 is the SSL-port.
==> This worked fine. All "HTTP:\\xxx" requests were rejected.
Another challenge is that my application will call some static HTML-sites on the internet (new pop-up windows) with an ordinary "HTTP:\\xxxx"-command.
==> This was still possible.
I have now managed to only allow HTTPS (SSL) to enter my application, and my application can still reach the outside world with "HTTP".
 