File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

specifying specific URL's to use SSL

 
manish ahuja
Ranch Hand
Posts: 312
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All

I am using form based authentication. In this I want to only specify the Login Page to use SSL when the user enters his password. Post successful authentication the user should be using the normal http & not https.

I am using weblogic 7 & have enabled https on port 7002. In my application web.xml looks like this

<user-data-constraint>
<description>
Specify how user data is to be transferred
</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

The problem is all the URL's specified in the <url-pattern>
(<url-pattern>/jsp/error/*</url-pattern>
<url-pattern>/jsp/navigation/*</url-pattern>

will run under https now which If possible I want to avoid

Can we do something like where we can do selective https for some links in the site & then use http for others

Regards
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First off, why shouldn't the application use HTTPS everywhere? If it is important enough to require a password (which furthermore should not be snooped since you require HTTPS), then isn't the whole thing important enough to run on HTTPS? Have you done load tests to ascertain that the server can't handle an all-HTTPS web app? Or is there some other reason?

If you're still set on using HTTPS just for the login page, then don't declare anything in the web.xml. Just check in the login page that it is accessed over HTTPS (and redirect to its HTTPS URL if it isn't), and then forward to an HTTP URL from there.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic