HTTPS - Redirection : Security aspect in our application

  1. Hi,
    Well, I am trying to really figure out how the control is redirecting to the login page (HTTPS) when I click on a link (JSP page - index.jsp) under the directory res/tool - and it pops up the security certificate acceptance window. So, index.jsp is present in this folder (res/tool). I checked out web.xml, where there are no restrictions for this folder or file. I checked out weblogic.xml too - couldn't figure it out. This is too, too puzzling. Could any of you please tell me where else the restrictions could've been enabled for security in the application?

    Thanks so much in advance.
    Best Wishes
    Ven

  2. none

    Hi,

    On which port is your application deployed?
    Check out the weblogic.properties file for SSL configurations.

    Ash
  3. HTTPS

    Appreciate much your reply.
    Well, but, there isn't any file called 'weblogic.properties' in our project, though we are using weblogic server for development. Any other file related to SSL configurations you think ?? We run our project at port 7001 and I think it leads to port 7002 HTTPS after redirection. Please respond.
    Thanks
    Venkat
  4. SSL

    The properties file belongs to your server and not the application. I am not sure which WebLogic server version you are using, but the WebLogic root directory might be having the weblogic.properties file. It is the main config file for WebLogic server 5.1.x.
    Refer to this site:
    http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1190514
  5. SSL

    Hey,

    Thanks much for your reply.
    Well, yeah, I did search through the server stuff only. I only see a config file (config.xml) and not weblogic.properties. We are using WebLogic 8.0. But I don't see any particular setting for that particular directory in the config file - from where the control leads to HTTPS - 7002. Could you please help me figure this out, as to where exactly the security setting would have been enabled? It's too puzzling. I actually searched for the directory and file name in the server directories but couldn't get any matching string.

    Thanks.
  6. SSL

    Hi,

    config.xml is the one for this version of weblogic.
    It will be difficult to say what exactly is wrong... Maybe you can post your config.xml here, which might help to figure out what settings you have in there.
    If your application is not referring to https at all, this should not be a problem. Unless something went wrong while deploying the app.
    Ash
  7. SSL

    Thanks so much for the timely responses.
    Well, my application is referring to HTTPS, as my page is redirected from HTTP at 7001 to HTTPS at 7002. I just wanna find out this 'part of functionality' in my application, where exactly this security aspect has been enabled.
    Accessing files in resources/tool is getting redirected to HTTPS at 7002. Even if you just say http//localhost7001/resources/tool it goes to https//localhost7002/secure/login.do
    For this to happen resources/tool should have got the security settings, right? But I don't see the directory names mentioned in config.xml, nor in web.xml or weblogic.xml. Please tell me where I could find it.
    Really appreciate your assistance.
  8. SSL

    This forum here doesn't take colons.. that's why there r no colons in the URLs mentioned.
  9. struts

    ok so you are using Struts, duh!

    For starters, check if in your struts-config you have mistakenly typed https: in the forward attribute for your login. Check the global forwards too.
  10. struts

    Thx.
    We r using struts....no string as 'https' in struts.config.
    Well, I just click on that link and it forwards to https..really puzzled abt this redirection part where it's been done..help me out.
    look forward to ur reply.
  11. None

    venkat,

    Is it possible for you to paste struts-config and weblogic config.xml in this forum ?

    It will be difficult to say otherwise.

    Thnx
  12. None

    Hey... I don't have rights to paste the code here bcoz of security reasons of my company. But ok, in those 2 files I just don't see those folder names at all - I am sure the security aspect has been dealt in these 2 files. Help me out pl.
  13. None

    In my last reply I meant the security aspect has not been dealt in those 2 files. Sorry.
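
The two checks discussed in the thread (restrictions in web.xml, and `https:` in Struts forwards), as an added example that is not code from any poster. It goes one step beyond a string search: a web.xml `security-constraint` can cover a folder through a wildcard `url-pattern` without ever naming it, and a `transport-guarantee` of CONFIDENTIAL (or INTEGRAL) is the standard servlet-descriptor setting that makes a container require SSL for matching URLs. The sample XML, the `example.ToolAction` class and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not the poster's files); DTD-style, no XML namespaces assumed.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><web-resource-name>res</web-resource-name>
    <url-pattern>/resources/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

STRUTS_XML = """<struts-config>
  <global-forwards>
    <forward name="login" path="https://localhost:7002/secure/login.do"/>
  </global-forwards>
  <action-mappings><action path="/tool" type="example.ToolAction">
    <forward name="ok" path="/resources/tool/index.jsp"/>
  </action></action-mappings>
</struts-config>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern matching: path prefix (/x/*), extension (*.jsp), or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == path

def ssl_constraints(web_xml, path):
    """url-patterns that cover `path` inside a constraint with an SSL transport guarantee."""
    hits = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg in ("CONFIDENTIAL", "INTEGRAL"):
            patterns = [(p.text or "").strip() for p in sc.iter("url-pattern")]
            hits += [p for p in patterns if pattern_matches(p, path)]
    return hits

def https_forwards(struts_xml):
    """(name, path) of every <forward>, global or per-action, with an absolute https path."""
    return [(f.get("name"), f.get("path"))
            for f in ET.fromstring(struts_xml).iter("forward")
            if (f.get("path") or "").lower().startswith("https:")]

if __name__ == "__main__":
    print(ssl_constraints(WEB_XML, "/resources/tool/index.jsp"))
    print(https_forwards(STRUTS_XML))
```

To run it against real files, pass the contents of the deployed web.xml and struts-config.xml in place of the constructed strings, together with the context-relative request path.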