Leaving https and coming back to http

Edisandro Bessa
Ranch Hand

Joined: Jan 19, 2006
Posts: 584
Dear All,

In my WEB application I use the FORM authentication with SSL.

Basically, in the login form, the submit button redirects the user to the j_security_check by using https.

So far so good. The problem is that after authentication is performed and the desired URL is loaded, all remaining requests use https, even for the non-secure URLs.

I realized that if I construct all my URLs by explicitly putting the http:// text before the URL, this problem is solved.

Since all my web pages use URLs relative to the application context, I didn't find this solution very elegant, because I have to change all relative URLs to absolute ones.

Example :

Original url link in my web page : /admin/ManageUsers.do ==> redirects to https://candidates/admin/ManageUsers.do

New changed URL link in my web page: http://candidates/admin/ManageUsers.do

Is there another, more elegant solution for this?

Best Regards,
Edisandro Bessa.

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41134
You could put a redirect to a non-HTTPS URL into the page that's reached right after the login.
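
One way to implement the redirect suggested above, as an added example that is not part of the original thread: a servlet filter that sends GET requests arriving over HTTPS back to HTTP unless the path is on a keep-secure list. The class name, the `httpBase` and `securePrefixes` init parameters and the sample prefix values are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: class name and init-param names are hypothetical.
public class HttpsToHttpFilter implements Filter {
    private String httpBase;          // e.g. "http://candidates" (host from the post)
    private String[] securePrefixes;  // context-relative paths that stay on HTTPS

    public void init(FilterConfig cfg) throws ServletException {
        httpBase = cfg.getInitParameter("httpBase");
        if (httpBase == null || !httpBase.startsWith("http://"))
            throw new ServletException("httpBase init-param must be an http:// origin");
        // Assumed sample value: "/login,/j_security_check,/account"
        String p = cfg.getInitParameter("securePrefixes");
        securePrefixes = (p == null) ? new String[0] : p.trim().split("\\s*,\\s*");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Decoded, container-normalised path, so "/%61ccount" still matches "/account".
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        // Redirect only GETs: a redirected POST would lose its body.
        if (req.isSecure() && "GET".equals(req.getMethod()) && !staysSecure(path)) {
            // Target origin comes from configuration, not from the Host header.
            StringBuilder url = new StringBuilder(httpBase).append(req.getRequestURI());
            if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
            // From here on the session cookie travels in cleartext; a cookie
            // flagged Secure is not sent over http:// at all.
            res.sendRedirect(url.toString());
            return;
        }
        chain.doFilter(rq, rs);
    }

    private boolean staysSecure(String path) {
        for (String prefix : securePrefixes)
            if (prefix.length() > 0 && path.startsWith(prefix)) return true;
        return false;
    }

    public void destroy() { }
}
```

Mapped to `/*` in web.xml, the filter acts on the GET for the page reached right after login, so the relative links in the pages can stay as they are.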