• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Using https for certain JSP

 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am working on a web application the environment for which is as mentioned below:

JSP/Servlet
EJB 2.0
MS SQL Server 2000
JBoss 3.2

As of now this app is using http protocol but now I have to develop a new page in this app which should be secure i.e. should use https instead of http.

I have searched and found ways to move entire web app from http to https.

But I need only certain pages to use https. Can some one guide me how to make certain JSPs secured ?

Thanks & Regards,
Akhil.
 
Sheriff
Posts: 7134
1360
IntelliJ IDE jQuery Eclipse IDE Postgres Database Tomcat Server Chrome Google App Engine
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
<url-pattern> of <web-resource-collection> does what you want. However, securing an exact JSP doesn't look a reasonable approach, as you might not be securing the data after the submission. On the other hand, having a .jsp file directly exposed also implies that you didn't use a proper MVC approach. A better idea would be securing a specific context with a url pattern, and placing all your sensitive data into it.

 
Akhil Kashyap
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Devaka Cooray :) for guiding me.

I am trying in light of what you have told me and will let you know.


Thanks & regards,
Akhil.
 
Akhil Kashyap
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am successful to secure certain pages using

in web.xml.

My JBoss is listening for http requests on port 80 and for https on port 443.

Below is excerpt of my Jboss-3.2.2RC3\server\default\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml



But now for example page abc.jsp is secured by "<transport-guarantee>" so when this page is requested url gets changed to "https://localhost/jsp-folder/abc.jsp" (which is expected)
and now if user opts for say xyz.jsp which is not secured by "<transport-guarantee>" yet the url remains "https://localhost/jsp-folder/xyz.jsp". (not expected)

Can any one guide is there something I am missing so that non-secure pages can be accessed using http?

Thanks & regards,
Akhil.
 
Akhil Kashyap
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Finally I am successful to get certain pages opened via https and others via http.

I have achieved this using filter and a list containing list of jsp pages which should be accessed using https.

Now filter was constatntly intercepting the request and checking the uri against the list of secure pages.


Thanks & regards,
Akhil.
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have the same requirement. In my application i have to make one of the jsp as secure.. So I have followed the procedure given below i.e defining security-constraint tag and define the jsp url pattern in that.

Now whenever request is made to that jsp, it turns as secure. i mean https request. Now the problem is, when the request is forwarded/action is submitted to other resource from this secured jsp, the other resource also opened as secure. is it expected? how to get rid of this.

Thanks
MRK
 
renuka metukuru
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HI Akhil,

I am able to make certain page as https. But its not redirecting from https to http. Please provide the details on how to redirect from https to http.
 
Saloon Keeper
Posts: 27762
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Renuka, welcome to the JavaRanch!

You should have looked at the date of that message thread. It's rather old. A problem with reviving old message threads ("awakening a zombie") is that the people who were discussing it may no longer be interested. For really old threads, they might not even have the same employers any more or the same job needs. It's better to just start a new thread of your own.

One of the things that happens when you switch from HTTP transport to HTTPS is that a new, secure sessionID is created and the original nonsecure sessionID is discarded. So there's some overhead involved. Generally speaking once you enter HTTPS you want to stay there. First, because of the switching overhead and secondly because it's harder to stay really secure if you keep switching secure transport on and off.
 
Come have lunch with me Arthur. Adventure will follow. This tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic