JSF SSL Hazzard
Posted
by java beginner
on Stack Overflow
See other posts from Stack Overflow
or by java beginner
Published on 2010-05-06T13:29:59Z
Indexed on
2010/05/12
2:34 UTC
Read the original article
Hit count: 416
In my application it is required that only certain pages need to be secured using SSL so I configured it
security-constraint>
<display-name>Security Settings</display-name>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<description/>
<url-pattern>/*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<description>CONFIDENTIAL requires SSL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
and added filter
http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https
but only one hazard is there. I am using it with richFaces. Once it goes to HTTPS its not changing the page—I mean if I perform post action it doesn't actually happen. But if I do it from the local machine's browser it works perfectly, from a remote browser it stucks with HTTPS and not changing after that.
Here is my web.xml's snap:
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>MyFilter</filter-class>
<init-param>
<param-name>httpPort</param-name>
<param-value>8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected resource</web-resource-name>
<url-pattern>somePattern</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and some other filters of richfaces. Problem is strange. If I try to access the web app from local's machine's browser it works fine but in remote machine's browser once it get into HTTP, all the forms of that page aswell as href stops working.(JSF,facelet is used.)
© Stack Overflow or respective owner