Win a copy of Java Challengers this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • paul wheaton
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Liutauras Vilda
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Piet Souris
Bartenders:
  • salvin francis
  • Mikalai Zaikin
  • Himai Minh

How to force clients to use SSL to access JSP pages

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I posted this on the JSP forum but got no response. I have a webapp deployed on WebLogic server 8.1 SP4. I have the following entry in the web.xml DD.

<security-constraint>
<web-resource-collection>
<web-resource-name>SecureConnection</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint/>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

I want to ensure that the user accesses the webApp only over SSL. I installed SSL certificates on the server and configured the SSL listen port. However when I try to access the app I get a HTTP 403 error. I tried accessing the application over the non-SSL port and got the same error. I had to roll back the above changes in the DD and then I was able to access the application over the non-SSL port. What am I missing here? The JSPs access EJBs, should I protect the EJBs also in the DD? Please advice.
Thanks,
Wap
reply
    Bookmark Topic Watch Topic
  • New Topic