Hello, I am using SSL to display a container managed, form-based Login.jsp. The page displays fine as long as I do not include the company image file, but when I include the image file, I am presented with the pop-up asking me if I wish to display non-secure data. The image file is located in the same directory as my secure Login.jsp, yet the browser does not believe that it is secure. Any ideas would be appreciated! === excerpts of Login.jsp and web.xml: Login.jsp excerpt: <body> <form method="POST" action='<%= response.encodeURL("j_security_check") %>' > <img src="imagessl.gif" > <label><strong>UserName:</strong> <input name="j_username" type="text" id="j_username"> ...etc web.xml excerpt: <!-- SSL Security Setup --> <security-constraint> <web-resource-collection> <web-resource-name>test</web-resource-name> <url-pattern>/web/ssl_jsps/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>registered</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> etc...
Sanity check -- verify that are you really using HTTPS. Otherwise try specifying an explicit path to the image, starting with "https://". By the way, you shouldn't need the call to encodeURL, as the application server can use HTTPS to keep track of the session. - Peter
0
