permaculture playing cards*
The moose likes Servlets and the fly likes HTTPS back to HTTP( Sorry, Try again) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HTTPS back to HTTP( Sorry, Try again)" Watch "HTTPS back to HTTP( Sorry, Try again)" New topic
Author

HTTPS back to HTTP( Sorry, Try again)

Mark Chen
Greenhorn

Joined: Sep 03, 2001
Posts: 4
Hi everyone,
I have a problem with HTTPS and HTTP in my servlet & JSP development.
In my project I have one servlet which takes all user' request and then transfers to different JSP according the user'request.
When users first access this web they will get the login page. After typing the necessary data users submit this login request. This request will be sent to the server via HTTPS. I did this by forcing <FORM ACTION="https://localhost:8443/...> in my login page.
When the servlet receives this request, it will process it(verify the user name & password) and then transfer the request to some JSPs. The basic logic looks like:
doPost(request, response) {
// get parameters from request
// call other server for verification
If successful
dispatcher = request.getRequestDispatcher("/jsp/success.jsp");
Else
dispatcher = request.getRequestDispatcher("/jsp/fail.jsp");
dispather.forward(request, response);
}
What I expect here is the request of submitting login is via HTTPS but after the verification everything should go back to HTTP(No SSL any more).
But I found after I submit the login request via HTTPS everything becomes HTTPS. The problem I have is how I can go back to HTTP after the login data is received vai HTTPS.
My servlet container is TOMCAT 4.0.
I apprecaite if any one could give me some help.
Thanks,
Mark
Michael Yuan
author
Ranch Hand

Joined: Mar 07, 2002
Posts: 1427
You should consider using response.sendRedirect(url) and give the full URL string (with http://)
Using absolute URLs is not a good idea if you want to deploy your application to many servers. But you can always have a HTTP/HTTPS policy configure file and have a wrapper method to encode all the relative URLs to absolute ones at runtime according the policies.


Seam Framework: http://www.amazon.com/exec/obidos/ASIN/0137129394/mobileenterpr-20/
Ringful: http://www.ringful.com/
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

Michael Yuan hinted at "the better" solution, and here's an article I read a month ago that has a really good summary of the issues involved (and some code!)

http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl_p.html
Mark Chen
Greenhorn

Joined: Sep 03, 2001
Posts: 4
Michael, Mike:
Thanks for your suggestion and information. I would try agian and see what I could get.
Mark
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HTTPS back to HTTP( Sorry, Try again)