-
1. Re: Simple SSL question
erasmomarciano Oct 9, 2008 9:20 AM (in response to chriscorbell)Can you be more precise the about the enviroment?
Have u tried to set the security-constraint in web.xml to restrict user from directly access to JSP files and force user to use SSL connection. -
2. Re: Simple SSL question
peterj Oct 9, 2008 5:59 PM (in response to chriscorbell)Tomcat is used to serve static content as well as servets and JSPs.
To configure SSL for JBossAS, see http://www.jboss.org/file-access/default/members/jbossas/freezone/docs/Server_Configuration_Guide/beta422/html/Security_on_JBoss-Using_SSL_with_JBoss_using_JSSE.html
Or you can front-end JBossAS with Apache HTTP Server, see http://www.jboss.org/file-access/default/members/jbossas/freezone/docs/Server_Configuration_Guide/beta422/html/ch17s01.html and the sections that follow.
Both topics are also covered in the wiki. -
3. Re: Simple SSL question
peterj Oct 9, 2008 6:03 PM (in response to chriscorbell)Juts noticed that you are asking about web services, not HTML content. For that, see http://jbossws.jboss.org/mediawiki/index.php?title=Secure_transport
-
4. Re: Simple SSL question
peterj Oct 9, 2008 6:05 PM (in response to chriscorbell)Oh, now I see what happened. There were two similar questions about SSL, and I meant to answer the other one. Sorry, just ignore me.
-
5. Re: Simple SSL question
chriscorbell Oct 13, 2008 2:04 PM (in response to chriscorbell)Thanks for the replies. One follow-up question:
Let's say I have both unencrypted HTTP and SSL access to my webservice enabled, both for its HTML content and for webservice methods. This is just JBoss, no Apache in front.
If I want some (but not all) HTML pages to force SSL, how do I configure that with JBoss, or do I just have to dynamically code my views to dynamically detect this and bail themselves?
Sim. if I want certain service methods (like a login() method) to force SSL, how do I figure that with JBoss, or if the methods themselves have to enforce this, how do they detect that they're being invoked via SSL?
Just a pointer to docs/wiki would be great, I can't seem to find this with the search terms I come up with.
Thanks again,
Chris