File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Partially secure web applications ... HOW TO? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Partially secure web applications ... HOW TO?" Watch "Partially secure web applications ... HOW TO?" New topic

Partially secure web applications ... HOW TO?

Jeevan Sunkersett
Ranch Hand

Joined: Jul 03, 2007
Posts: 78

I have developed a j2ee application, deployed on jboss and fronted it with a Apache 2.2 server (using mod_jk)

So all requests on Apache, are served by jboss running on port 8080.

For security, I generated a SSL certificate and applied it to Apache, using mod_ssl.

But this has rendered my complete application secure and accesible only by https.

But I wish my java application, to be presented similar to
This applcation allows users to search flights and and add them to a shopping cart. All of this over http.
Only when the user, does a checkout, he/ she is served content over https, but there is no change to the url seen in the browser, except for http becoming https.

I feel such a behaviour is managed by the web server (and not the java application or the application server), using some thing like url rewriting or similar, so this post.

Am I right?
Any help or tips on how to achieve the above will be greatly appreciated.

I agree. Here's the link:
subject: Partially secure web applications ... HOW TO?
jQuery in Action, 3rd edition