This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Multiple SSL + File Upload Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Multiple SSL + File Upload" Watch "Multiple SSL + File Upload" New topic
Author

Multiple SSL + File Upload

ricky wong
Greenhorn

Joined: Jan 27, 2003
Posts: 22
Dear all,

Is it possible to connect to web application A (For user login) by using HTTPS connection and then upload a file to another web application B (another web server and using another HTTPS connection)? The file upload page is created in web application A but the path of "ACTION" in the page is a URL of web application B, the enctype is "multipart/form-data" ). I get an error when connecting to web application B. It seems that the it is failed to make a ssl connection with web server B.... Please kindly help.

Thanks.
Ricky
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

One of the things SSL does for you (the web user) is make certain that the site to which you have a secure connection is the only site.
It is designed to warn the user if they page they are on makes any requests to a server other than the current one (or any non-secure resources on the current site).

One possible work around would be to let them upload the resource to site A and then, from site A's server connect to site B and upload the resource.

It's more work, both for you and the servers but it will allow the user to conduct their entire transaction with one trusted server.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
ricky wong
Greenhorn

Joined: Jan 27, 2003
Posts: 22
Hi Ben,

Thanks. As these two web applications both are intranet applications, the reason that users upload file to web application B is to reduce the loading of web application A (it is mainly used for user login, it loading is very high). I wonder that if file upload page is changed to a normal web page (not enctype is used), the certificate of web application B is prompted out and then that page can be loaded.

Is any possible way to solve this problem? Or does "enctype" cannot be used in this scenario?

Thanks.
Ricky
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

It has nothing to do with enctype.

It has to do with SSL enforcing it's policy of insuring that the user is dealing with only one server while under the SSL session.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Multiple SSL + File Upload
 
Similar Threads
2 technical questions for the techies
Https Question
connect to a SOAP webservice using SSL
File upload and download use SSL?
Question on HTTPS ?