8 Replies Latest reply on May 13, 2011 10:12 AM by Jboss fan99

    How to switch from http to https and back

    Jboss fan99 Newbie

      I have an enterprise application running on JBoss6. Some of the pages should use http and others, secured ones, should use https.

      Is there any way to switch from http  to https for the secured pages? Also it should switch back to http for showing unsecured pages

       

      Any help will be appreciated.

        • 2. How to switch from http to https and back
          Wolf-Dieter Fink Master

          If you set your href links with http or https it is no problem.

          For relative links or if you have JSF/Struts I think you can't.

           

          Or did I understand your problem wrong?

          • 3. How to switch from http to https and back
            Jboss fan99 Newbie

            I'm working with JSF. I don't want to put whole URLs for every link, so that's why not sure if href solution is good. Because application need to switch back and forth between http and https, it means i have to specify complete URLs (i.e. https://blah blah/...) for all the links.

             

            I hope there is some solution by which I can use relative URLs. I have read some posts and they were mentioning about how to use Apache frontend and its .htaccess files to acheive it. But not sure if there is any other simpler solution. Not even sure if Apache solution works.

             

            Any help on this will be appreciated.

            • 4. How to switch from http to https and back
              jaikiran pai Master

              If I understand your question correctly, then all you have to do is setup the web.xml (security-constraint section) appropriately such that only a certain url pattern will have https access (you can specify that by setting CONFIDENTIAL transport - check the web.xml xsd for details). The rest of the url patterns will have default (NONE?) access and will be served via http. In short, take a look a the web.xml xsd and read its documentation. If you still have questions, feel free to ask.

              • 5. How to switch from http to https and back
                Jboss fan99 Newbie

                I tried by changing web.xml but it doesn't work. For testing, I just set all URLs to use https but when I open any application page with http URL, it just open up the page without forwarding it to https. Below is the copy from my web.xml. Can you please help.

                 

                <security-constraint>

                     <web-resource-collection>

                        <web-resource-name>Protected Context</web-resource-name>

                          <url-pattern>/*</url-pattern>

                      </web-resource-collection>

                      <user-data-constraint>

                         <transport-guarantee>CONFIDENTIAL</transport-guarantee>

                      </user-data-constraint>

                </security-constraint>

                • 6. How to switch from http to https and back
                  Jboss fan99 Newbie

                  I think earlier I didn't have tested this correctly. It's forwarding from http to https but always one step behind.

                  security constraint from my web.xml is below. I want to use https for payment.xhtml page but instead the page opened after payment.xhtml is displayed in https.

                  Also once in https mode, how can I go back for http for other pages. Do I have to add another URL pattern and set its data constraint to None? If yes, what URL pattern can I use for that? Can I just put *, guessing that it will pick first hit url-pattern, so for payment.xhtml it will be CONFIDENTIAL

                   

                  <security-constraint>

                       <web-resource-collection>

                          <web-resource-name>Protected Context</web-resource-name>

                            <url-pattern>/faces/payment.xhtml</url-pattern>

                        </web-resource-collection>

                        <user-data-constraint>

                           <transport-guarantee>CONFIDENTIAL</transport-guarantee>

                        </user-data-constraint>

                  </security-constraint>

                  • 7. How to switch from http to https and back
                    jaikiran pai Master

                    Devinder Singh wrote:

                     


                    Also once in https mode, how can I go back for http for other pages. Do I have to add another URL pattern and set its data constraint to None?

                    Yes

                     

                     

                    Devinder Singh wrote:

                     

                    If yes, what URL pattern can I use for that? Can I just put *, guessing that it will pick first hit url-pattern, so for payment.xhtml it will be CONFIDENTIAL

                    It depends on your application and how the resources are mapped. You'll have to give it a try and see which one suits your application. As for *, I haven't tested this in a long while, so I don't remember whether * is allowed or not. You can easily test this out on your setup.

                    • 8. How to switch from http to https and back
                      Jboss fan99 Newbie

                      Thanks. Any suggestions on the problem that https forwarding is one step behind? "It's forwarding from http to https but always one step behind."