Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes turn on SSL or session tracking Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "turn on SSL or session tracking" Watch "turn on SSL or session tracking" New topic

turn on SSL or session tracking

Brenda Kwok
Ranch Hand

Joined: Nov 30, 2004
Posts: 38

I read the HF book, I don't know a point in P.647. After preparing the html form and DD for FORM authentication, how to turn on SSL or session tracking.

I want to know how to do the two methods.

Thank you.


Brenda Kwok
Ranch Hand

Joined: Nov 30, 2004
Posts: 38
I am beginner to take this exam. Can anyone answer my question pls.

Bert Bates

Joined: Oct 14, 2002
Posts: 8801
Hey Brenda,

Ok, you've got Form-based authentication discussed on page 647, and you've got data confidentiality / integrity discussed on page 652. If you compare them, you'll see that they work independently of one another

To get them to work together, check out pages 653-655!

Good luck on the exam, let us know how you do! And... if it seems that you need more time to study, postpone the exam!

- Bert

Spot false dilemmas now, ask me how!
(If you're not on the edge, you're taking up too much room.)
Brenda Kwok
Ranch Hand

Joined: Nov 30, 2004
Posts: 38
I got this error "Invalid direct reference to form login page" when i typed correct username and password.

Do we need to install real cert for the FORM-based authentication and CONFIDENTAIL option in <transport-guarantee> ?

Giju George
Ranch Hand

Joined: Jun 08, 2004
Posts: 333
If you look at the figure in page 655 of HFS, it says that if the <user-data-constraint> is configured in the DD, then the server informs the client to come on a secure protocol ie https. So I think you need to have digital certificate installed on the server to get this working.

SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCEA
I agree. Here's the link:
subject: turn on SSL or session tracking
Similar Threads
What is SSL?
Session tracking issues
Only [auth-method] FORM use session tracking ?
question on form based authentication
About FORM based authentication