Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes JSF and the fly likes Getting alert (Do you want to show both secure and non secure items) while accesing site from https. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Getting alert (Do you want to show both secure and non secure items) while accesing site from https." Watch "Getting alert (Do you want to show both secure and non secure items) while accesing site from https." New topic
Author

Getting alert (Do you want to show both secure and non secure items) while accesing site from https.

praneeth gajji
Greenhorn

Joined: Apr 12, 2012
Posts: 24


Hi,

We have our site running in http.Now client asked us to convert it into https.So I have created keystore file and done configuration changes and running the site in https.But after logging I am getting alert like DO YOU WANT TO SHOW SECURE AND NON SECURE ITEMS .I want to avoid that alert to come.What are all the code changes I need to do .Do I need to replac taglibs as they were under http.Iam not understanding.No one is there for me o suggest.Please help

Sample jsp file used I am pasting here.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/core" prefix="dc"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/html_basic" prefix="dh"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf" prefix="dyn"%>

<dc:view>
<f:loadBundle basename="Main" var="bundle"/>
<dyn:head themePath="xp" stylesheets="map,menu,component" />
<dyn:body styleClass="background_menu">
<f:verbatim><br class=""></f:verbatim>
<dh:graphicImage value="themes/xp/SIAS41_About.gif" />
<dh:panelGrid columns="2" style="margin-bottom: 5px;">
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_sias}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_version}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_copyright}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<f:verbatim><hr class="formSeparator" color="green" /></f:verbatim>
<dhutputLabel value="" />
<dh:form>
<dh:commandButton value="#{bundle.lbl_close}" action="#{InfoBean.deactivate}" />
</dh:form>
</dh:panelGrid>
</dyn:body>
</dc:view>
praneeth gajji
Greenhorn

Joined: Apr 12, 2012
Posts: 24
praneeth gajji wrote:

Hi,

We have our site running in http.Now client asked us to convert it into https.So I have created keystore file and done configuration changes and running the site in https.But after logging I am getting alert like DO YOU WANT TO SHOW SECURE AND NON SECURE ITEMS .I want to avoid that alert to come.What are all the code changes I need to do .Do I need to replac taglibs as they were under http.Iam not understanding.No one is there for me o suggest.Please help

Sample jsp file used I am pasting here.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/core" prefix="dc"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/html_basic" prefix="dh"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf" prefix="dyn"%>

<dc:view>
<f:loadBundle basename="Main" var="bundle"/>
<dyn:head themePath="xp" stylesheets="map,menu,component" />
<dyn:body styleClass="background_menu">
<f:verbatim><br class=""></f:verbatim>
<dh:graphicImage value="themes/xp/SIAS41_About.gif" />
<dh:panelGrid columns="2" style="margin-bottom: 5px;">
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_sias}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_version}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<dhutputLabel value="#{bundle.lbl_copyright}" />
<dhutputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dhutputLabel value="" />
<f:verbatim><hr class="formSeparator" color="green" /></f:verbatim>
<dhutputLabel value="" />
<dh:form>
<dh:commandButton value="#{bundle.lbl_close}" action="#{InfoBean.deactivate}" />
</dh:form>
</dh:panelGrid>
</dyn:body>
</dc:view>
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

Please don't "bump" posts. Especially don't "bump" posts by repeating them. As a 100% free volunteer community resource we aren't all standing by 24x7 to answer questions. We have to sleep, work, and watch reality TV (or something), so you just have to wait for the Earth to turn to its proper orientation.

This wonderful little message that's a pretty string indicator that you're using IE as your web client means pretty much what it says, and it's really not a JSF thing, it's a general web thing.

In the laughable attempt to make you feel that your web-surfing experience is secure using IE, they display this message any time that a page fetched using the HTTPS protocol contains one or more links or forms accessed via the HTTP protocol. The idea is that someone might intercept one of these unencrypted requests and insert Bad Things. Which is the least of your problems when using IE, but at least they tried.

To eliminate the message (short of eliminating IE), recode all of the URLs in your page definition to use https instead of http.


Customer surveys are for companies who didn't pay proper attention to begin with.
praneeth gajji
Greenhorn

Joined: Apr 12, 2012
Posts: 24
Thank you very much for your suggestion.I tried editing all links to https ,but it didnt worked for me , In my project I have TLDs which all referenced to http sites,do I need to repace all tlds. Is there a way to make IE show both secure and non secure items by default instead of getting alert.Please suggest I am trying out with this from almost a week.Thanks in advance.....
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

Your best bet on that would be Google, I think. It's a common annoyance, so I have no doubt that a lot of people have asked this question, and I'm sure that some of them have gotten decent answers. Whether it's the answer you want is another matter.

I go for weeks at a time without booting up Windows, but I'm fairly sure that the web security manager tab in IE allows the user to select whether this warning is displayed. The catch is that the user has to do this, and do it manually. It would defeat the whole point of having a security warning if the server was capable of shutting it off silently and automatically. The closest that you're likely to get to that is in the case where the site is in-house and you can persuade the LAN administrators to remotely deploy the appropriate registry settings to everyone's desktop. That wouldn't work for people accessing the server from outside the LAN, though.

In any event, if you are linking to non-secure external sites that you have no control over, it's a legitimate thing for the browser to issue a warning, since that is, in fact a security concern. I believe that it may even make your web users more vulnerable to cross-site scripting (XSS) attack.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Getting alert (Do you want to show both secure and non secure items) while accesing site from https.