Leaving https and coming back to http

Edisandro Bessa
Ranch Hand

Joined: Jan 19, 2006
Posts: 584
Dear All,

In my WEB application I use the FORM authentication with SSL.

Basically, in the login form, the submit button redirects the user to the j_security_check by using https.

So far so good. The problem is that after authentication is performed and the desired URL is loaded, all remaining requests use https, even for the non-secure URLs.

I realized that if I construct all my URLs by explicitly putting the http:// text before the URL, this problem is solved.

Since all my web pages use URLs relative to the application context, I didn't find this solution very elegant, because I have to change all relative URLs to absolute ones.

Example:

Original URL link in my web page: /admin/ManageUsers.do ==> redirects to https://candidates/admin/ManageUsers.do

New changed URL link in my web page: http://candidates/admin/ManageUsers.do

Is there another, more elegant solution for this?

Best Regards,
Edisandro Bessa.

"If someone asks you to do something you don't know how to, don't tell I don't know, tell I can learn instead." - Myself
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
You could put a redirect to a non-HTTPS URL into the page that's reached right after the login.
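
The redirect suggested above can also be applied in one place, so the pages keep their context-relative links. The following servlet filter is an added example, not code from either poster; the `HTTPS_ONLY` paths, the class name and the `httpHost` init-param are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not from the thread. Map it to /* in web.xml.
public class BackToHttpFilter implements Filter {
    // Assumption: only these context-relative paths must stay on HTTPS.
    private static final String[] HTTPS_ONLY = { "/login.jsp", "/j_security_check" };
    // Host comes from configuration (hypothetical init-param "httpHost", e.g. "candidates")
    // rather than from the client-supplied Host header.
    private String httpHost;

    public void init(FilterConfig cfg) throws ServletException {
        httpHost = cfg.getInitParameter("httpHost");
        if (httpHost == null) throw new ServletException("init-param httpHost is required");
    }

    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        // Redirect only GET requests: a redirected POST would lose its form data.
        if (req.isSecure() && "GET".equals(req.getMethod()) && !staysOnHttps(path)) {
            StringBuffer target = new StringBuffer("http://").append(httpHost)
                    .append(req.getRequestURI());
            if (req.getQueryString() != null) target.append('?').append(req.getQueryString());
            res.sendRedirect(target.toString());
            return;
        }
        chain.doFilter(rq, rs);
    }

    // True when the path begins with one of the HTTPS-only prefixes.
    private static boolean staysOnHttps(String path) {
        for (int i = 0; i < HTTPS_ONLY.length; i++) {
            if (path.startsWith(HTTPS_ONLY[i])) return true;
        }
        return false;
    }
}
```

Whether the user still appears logged in after the redirect depends on the session cookie: if the container marked it Secure, the browser will not send it over HTTP, and if it did not, the session ID travels in clear text on every HTTP request.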