Discussions

General J2EE: Tough SSL problem...guru level!

  1. Tough SSL problem...guru level! (2 messages)

    It all started when I got a "This page contains both secure and nonsecure items" when accessing my JSF application using HTTPS in IE on a Windows XP machine. Note that everything works perfectly using HTTP.

    Now I know that message normally means that somewhere something is accessing via http instead of https, but all of the data comes from my local app server, so why IE was complaining I did not know. I then tried Firefox and (although it has other issues...like images that don't show up) it did not have this problem (and resports everything coming back is from an HTTPS connection).

    I then tried accessing the same app using a Windows 2003 Server machine using IE. This time, not only did I get the message about the secure and nonsecure content, I also did not get any images back that I load from a servlet. Inspecting the app server log I see this:

    [code]
    [#|2005-06-22T12:50:42.807-0500|SEVERE|sun-appserver-pe8.0.0_01|org.apache.tomcat.util.net.PoolTcpEndpoint|_ThreadID=16;|Handshake failedjavax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275) at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:118) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:647) at java.lang.Thread.run(Thread.java:534)|#]

    [/code]

    The next thing I did was go back to the Windows XP machine running IE and set the properties in IE to enable the display of mixed content to get rid of the message about secure and nonsecure items.

    Now visiting the JSF app the message box is no longer displayed but a side effect (a very bad side effect) takes place!

    For some reason, with the option set this way, the session bean cannot be located and my filter kicks me back to the login page! This happens for every page except the first one after the signon page. So, if I click on something on page two (with page one being the logon page) that sends me to another page, the filter catches it since it cannot find the session bean and assumes that the user's session timed out, and redirects them to the login page.

    This works fine when the "Display mixed content" is not enabled.

    Note that I have not purchased an SSL certificate, but one must have been generated for me by the Sun App Server.

    Anyway, I have three questions:

    1) Why the message to begin with?
    2) Why does running IE on Windows 2003 cause the Unrecognized SSL error?
    3) Why would enabling mixed mode display wax my session bean?

    THANKS!

    Threaded Messages (2)

  2. Purchase of SSL certificate is not an issue.
    I will debug the things by changing the simple HTTP port to some weird one and then accessing the page through HTTPS via netscape 4.7. If your page loads successfully including images and stylesheets then you need not worry about anything & most likely it is a browser issue.
  3. Argh![ Go to top ]

    Well I did as you suggested and it had a similar but not the same exactly, sort of problem.

    It did make me think about something again though and that is when I saw it. Oh the agony!

    What I did was leave the s off of https inside my code that calls the URL to the image loading servlet. The port was for the https port all right, but it wasn't prefixed corrrectly!

    After I did that all my proplems went away!