This week's giveaway is in the Cloud/Virtualization forum. We're giving away four copies of Secure Financial Transactions with Ansible, Terraform, and OpenSCAP and have Lucian Maly on-line! See this thread for details.
I want to ensure that the user accesses the webApp only over SSL. I installed SSL certificates on the server and configured the SSL listen port. However when I try to access the app I get a HTTP 403 error. I tried accessing the application over the non-SSL port and got the same error. I had to roll back the above changes in the DD and then I was able to access the application over the non-SSL port. What am I missing here? The JSPs access EJBs, should I protect the EJBs also in the DD? Please advice. Thanks, Wap
Hi, Thank you so much for your responses. I tried using: <auth-constraint>*</auth-constraint>, but it was prompting me for a username/password. I removed the <auth-constraint> element from web.xml and now all traffic is forced to use SSL. The user is not prompted for username/password. Thanks, Wap
Whatever. Here's a tiny ad:
SKIP - a book about connecting industrious people with elderly land owners