Meaningless Drivel is fun!*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Unable to securely request for a page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Unable to securely request for a page" Watch "Unable to securely request for a page" New topic
Author

Unable to securely request for a page

Krutika Ravi
Greenhorn

Joined: Feb 11, 2010
Posts: 23
I have been preparing for the OCPJWCD Exam and have made it to the Web App Security Chapter of Bert Bate's HFSJ:

Question:
a) I'm unable to securely request for my webpage : https://127.0.0.1:8443/Blah , instead I get the following Error:

Firefox can't establish a connection to the server at localhost:8443.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.


On Internet Explorer I simply get:
Internet Explorer cannot display the webpage

b) How do I know which SSL Implementation my tomcat is making use of: JSE/APR

Details:

web.xml

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="Your_WebApp_ID"
version="2.5">

<description>The standard web descriptor for the email client</description>

<servlet>
<servlet-name>AuthenticateUser</servlet-name>
<servlet-class>MailBoxController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticateUser</servlet-name>
<url-pattern>/ControlPanel</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>401</error-code>
<location>/authenticationFailed.jsp</location>
</error-page>
<context-param>
<param-name>serverName</param-name>
<param-value>Gmail</param-value>
</context-param>
<context-param>
<param-name>port</param-name>
<param-value>993</param-value>
</context-param>
<context-param>
<param-name>ip</param-name>
<param-value>imap.gmail.com</param-value>
</context-param>

<session-config>
<session-timeout>30</session-timeout>
</session-config>

<listener>
<listener-class>Logger</listener-class>
</listener>

<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>administrator</role-name>
</security-role>

</web-app>

tomcat-users.xml :

<tomcat-users>
<role rolename="administrator"/>
<user username="admin" password="system123#" roles="administrator"/>
</tomcat-users>

Following tag was added in web.xml in conf of tomcat :

<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>


Can anybody please help me with my problem.

Thanks
Krutika
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1632
    
  23

Hi Krutika,

I am not sure why you are getting the error but can you access the page if you remove the security-constraint?

Did you follow all the instructions from here:
ssl-howto

Regards,
Frits
Krutika Ravi
Greenhorn

Joined: Feb 11, 2010
Posts: 23
Thank you Frits,
I realised that I was making changes in web.xml and the lines
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

were to be uncommented in server.xml.

Thanks for your help.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Unable to securely request for a page
 
Similar Threads
How to: use Form based auth via JDBCRealm:oracle in Glassfish 3.0
getting error when deploying web app in weblogic 10.0
help regarding url-pattern in jsf
Getting error while upgrading my running application from jboss-4.2.1.GA to jboss-6.0.0.Final.
Authentication and Authorization implementation using DD Problem