0 Replies Latest reply on Mar 6, 2013 7:26 AM by Kacem BEL

    [SSL] Adding security constraint to web.xml to exclude ressources

    Kacem BEL Newbie

      Hello guys,



      I have a JEE6 web application [JSF2] under JBoss 6.0.0 final on eclipse, i have installed the SSL and everything works fine, then i wanted to exclude some ressources from being forced to use SSL,

      I added the following to web.xml:



      1. <security-constraint> 
      2.         <web-resource-collection> 
      3.             <web-resource-name>unsecuredapp</web-resource-name> 
      5.             <url-pattern>/appname/folder1/index.jsf</url-pattern> 
      7.         </web-resource-collection> 
      8.         <user-data-constraint> 
      9.             <transport-guarantee>NONE</transport-guarantee> 
      10.         </user-data-constraint> 
      11.     </security-constraint> 
      13.     <security-constraint> 
      14.         <web-resource-collection> 
      15.             <web-resource-name>securedapp</web-resource-name> 
      17.             <url-pattern>/*</url-pattern> 
      19.         </web-resource-collection> 
      20.         <user-data-constraint> 
      21.             <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
      22.         </user-data-constraint> 
      23.     </security-constraint> 



      Now that i have made the exception for the URL above, i dont know why i still can't access the URL : http://localhost:8080/appname/folder1/index.jsf

      and it becomes accessible when i turn it to : https://localhost:8443/appname/folder1/index.jsf , which means that it is still forced to use SSL



      please give me advices or anything that could help resolving this, thanks in advance