Hi,
Well, I am trying to really figure out, how the control is redirecting to the login page (HTTPS), when I click on a link (jsp page - index.jsp) under the directory res/tool -and it pops up the security certificate acceptance window. So, index.jsp is present in this folder (res/tool). I checked out web.xml, where there no restrictions for this folder or file. I checked out weblogic.xml too - couldn't figure out. This is too too puzzling. Could any of you please tell me where else the restrictions could've been enabled for security in the application.
Thanks so much in advance.
Best Wishes
Ven
-
HTTPS - Redirection : Security aspect in our application (12 messages)
- Posted by: ven kat
- Posted on: February 07 2005 12:11 EST
-
none[ Go to top ]
- Posted by: Ash H
- Posted on: February 07 2005 12:56 EST
- in response to ven kat
Hi,
On which port is your application deployed?
Checkout weblogic.properties file for ssl configurations.
Ash -
HTTPS[ Go to top ]
- Posted by: ven kat
- Posted on: February 07 2005 14:18 EST
- in response to Ash H
Appreciate much your reply.
Well, but, there isn't any file called 'weblogic.properties' in our project, though we are using weblogic server for development. Any other file related to SSL configurations you think ?? We run our project at port 7001 and I think it leads to port 7002 HTTPS after redirection. Please respond.
Thanks
Venkat -
SSL[ Go to top ]
- Posted by: Ash H
- Posted on: February 07 2005 14:41 EST
- in response to ven kat
The properties file belong to your server and not application.I am not sure which weblogic server version you are using but weblogic root directory might be having the weblogic.properties file.It is the main config file for weblogic server 5.1.x
refer this site
http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1190514 -
SSL[ Go to top ]
- Posted by: ven kat
- Posted on: February 07 2005 14:58 EST
- in response to Ash H
Hey,
Thanks much for your reply.
Well, yeah, I did search through the server stuff only. I only see config file (config.xml)and not weblogic.properties. We are using weblogic 8.0. But I don't see any particular setting for that particular directory in the config file - from where the control leads to HTTPS - 7002. Could you please help me figure this out, as to where exactly the security setting would have been enabled. It's too puzzling. I actually searched for the directory and file name, in the server directories but couldnt get any matching string.
Thanks. -
SSL[ Go to top ]
- Posted by: Ash H
- Posted on: February 07 2005 16:05 EST
- in response to ven kat
Hi,
config.xml is the one for this version of weblogic.
It will be difficult to say what exacly is wrong...Maybe you can post your config .xml here which might help to figure out what settings you have in there.
If your application is not referring to https atall this should not be a problem.Unless something went wrong while deploying the app.
Ash -
SSL[ Go to top ]
- Posted by: ven kat
- Posted on: February 07 2005 17:14 EST
- in response to Ash H
Thanks so much for the timely responses.
Well, my application is referring to HTTPS, as my page is redirected from HTTP at 7001 to HTTPS at 7002. I just wanna find out this 'part of functionality' in my application, where exactly this security aspect has been enabled.
Accessing files in resources/tool is getting redirected to HTTPS at 7002. Even if you jus say http//localhost7001/resources/tool it goes to https//localhost7002/secure/login.do
For this to happen resources/tool should have got the security settings right? but I dont see the directory names mentioned in config.xml nor in web.xml or weblogic.xml. PLease tell where I could find it.
Really appreciate your assiatnce. -
SSL[ Go to top ]
- Posted by: ven kat
- Posted on: February 07 2005 17:15 EST
- in response to ven kat
This forum here doesn't take colons.. thats why there r no colons in the urls mentioned. -
struts[ Go to top ]
- Posted by: Ash H
- Posted on: February 08 2005 09:48 EST
- in response to ven kat
ok so you are using struts duh!
For starters check if in your struts-config you have mistakenly typed https: in the forward attribute for your login.check the global forwards too. -
struts[ Go to top ]
- Posted by: ven kat
- Posted on: February 08 2005 10:34 EST
- in response to Ash H
Thx.
We r using struts....no string as 'https' in struts.config.
Well, I just click on that link and it forwards to https..really puzzled abt this redirection part where it's been done..help me out.
look forward to ur reply. -
None[ Go to top ]
- Posted by: Ash H
- Posted on: February 08 2005 10:51 EST
- in response to ven kat
venkat,
Is it possible for you to paste struts-config and weblogic config.xml in this forum ?
It will be difficult to say otherwise.
Thnx -
None[ Go to top ]
- Posted by: ven kat
- Posted on: February 08 2005 11:20 EST
- in response to Ash H
Hey...I dont have rights to paste the code here bcoz of security reasons of mmy company. But ok, in those 2 files I just dont see those folder names at all - I am sure the security aspect has been dealt in these 2 files. Help me out pl. -
None[ Go to top ]
- Posted by: ven kat
- Posted on: February 08 2005 11:34 EST
- in response to ven kat
In my last reply I meant the security aspect has not been dealt in those 2 files.sorry.