Leaving https and coming back to http

Edisandro Bessa
Ranch Hand

Joined: Jan 19, 2006
Posts: 584
Dear All,

In my WEB application I use the FORM authentication with SSL.

Basically, in the login form, the submit button redirects the user to the j_security_check by using https.

So far so good. The problem is that after authentication is performed and the desired URL is loaded, all remaining requests use https, even for the non-secure URLs.

I realized that if I construct all my URLs by explicitly putting the http:// text before the URL, this problem is solved.

Since all my web pages use URLs relative to the application context, I didn't find this solution very elegant, because I have to change all relative URLs to absolute ones.

Example:

Original URL link in my web page: /admin/ManageUsers.do ==> redirects to https://candidates/admin/ManageUsers.do

New changed URL link in my web page: http://candidates/admin/ManageUsers.do

Is there another, more elegant solution for this?

Best Regards,
Edisandro Bessa.


"If someone asks you to do something you don't know how to, don't tell I don't know, tell I can learn instead." - Myself
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39541
    
You could put a redirect to a non-HTTPS URL into the page that's reached right after the login.


Ping & DNS - updated with new look and Ping home screen widget
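
One way to apply the redirect suggested in the reply above without rewriting every relative link, as an added example that is not code from this thread: a servlet filter that sends HTTPS requests for non-secure pages back to plain HTTP. The class name `LeaveHttpsFilter`, the `/login` prefix and the use of the `javax.servlet` API are assumptions; the host `candidates` comes from the question.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: sends HTTPS requests for non-secure pages back to plain HTTP. */
public class LeaveHttpsFilter implements Filter {
    // Fixed base URL (host taken from the question) so the redirect target
    // never depends on the client-supplied Host header.
    private static final String HTTP_BASE = "http://candidates";
    // Assumed: paths (relative to the context root) that must stay on HTTPS.
    private static final String[] HTTPS_ONLY = { "/login" };

    public void init(FilterConfig config) { }
    public void destroy() { }

    static boolean mustStaySecure(String path) {
        for (String prefix : HTTPS_ONLY) {
            if (path.startsWith(prefix)) return true;
        }
        return false;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String uri = request.getRequestURI();   // includes the context path
        String path = uri.substring(request.getContextPath().length());

        // Only redirect GETs: a redirected POST would lose its body.
        if (request.isSecure() && "GET".equals(request.getMethod()) && !mustStaySecure(path)) {
            String query = request.getQueryString();
            // Note: a session cookie issued with the Secure attribute is not sent
            // on the plain-HTTP request, and one without it travels in clear text.
            response.sendRedirect(HTTP_BASE + uri + (query == null ? "" : "?" + query));
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Mapped to `/*` in web.xml, the filter lets pages keep their context-relative links such as /admin/ManageUsers.do.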
 