Hi all, I'm learning the 'web app security' chapter in the 'Head First' book. What i'm trying is :
1. Adding the security constraint to the jsp file which is info.jsp through the web.xml file.
2. It will show the loginPage.html in the browser when user tried to directly access the info.jsp (Running the following link http://localhost:8080/ch12/beer/hello.do)
3. If login successfully, show a text 'HAHA, login OK', otherwise show the errorPage.html
This is because you have put a <user-data-constraint> of confidential in your web-resource-collection. It is expecting the HTTPS port of 8443 being open, however if you are using tomcat as a server it is by default switched off. Just remove the user-data-constraint first and see if everything works fine.
If so, try to read SSL on tomcat to activate HTTPS.
Joined: May 22, 2009
Frits Walraven, thank you for your reply. and it's working now although the IE said
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
In order to get rid of above warnning message, i guess i need to buy a certificate from some 'CA' company. anyway, thank you for your help.
Creator of Enthuware JWS+ V6