This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Security and the fly likes Partially secure web applications ... HOW TO? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Engineering » Security
Bookmark "Partially secure web applications ... HOW TO?" Watch "Partially secure web applications ... HOW TO?" New topic

Partially secure web applications ... HOW TO?

Jeevan Sunkersett
Ranch Hand

Joined: Jul 03, 2007
Posts: 77

I have developed a j2ee application, deployed on jboss and fronted it with a Apache 2.2 server (using mod_jk)

So all requests on Apache, are served by jboss running on port 8080.

For security, I generated a SSL certificate and applied it to Apache, using mod_ssl.

But this has rendered my complete application secure and accesible only by https.

But I wish my java application, to be presented similar to
This applcation allows users to search flights and and add them to a shopping cart. All of this over http.
Only when the user, does a checkout, he/ she is served content over https, but there is no change to the url seen in the browser, except for http becoming https.

I feel such a behaviour is managed by the web server (and not the java application or the application server), using some thing like url rewriting or similar, so this post.

Am I right?
Any help or tips on how to achieve the above will be greatly appreciated.

Have you checked out Aspose?
subject: Partially secure web applications ... HOW TO?
It's not a secret anymore!