Hi,
I posted this on the JSP forum but got no response. I have a webapp deployed on WebLogic server 8.1 SP4. I have the following entry in the web.xml DD.
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureConnection</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint/>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I want to ensure that the user accesses the webApp only over SSL. I installed SSL certificates on the server and configured the SSL listen port. However when I try to access the app I get a HTTP 403 error. I tried accessing the application over the non-SSL port and got the same error. I had to roll back the above changes in the DD and then I was able to access the application over the non-SSL port. What am I missing here? The JSPs access EJBs, should I protect the EJBs also in the DD? Please advice.
Thanks,
Wap