supress security alert when switching from http tp https

Posted on 2006-04-20
Last Modified: 2010-03-31
I have a web application running on resin webserver. the server listens to http requests on 8001 and https requests on 8443. I need to have my application accessed over https but i want to supress the security alerts which pop up on the browser. there are two security pop ups - one for certificate and other for entering a secure region.

i tried to redirect the call (received over http) to https via a servlet filter. couldnt get away with the warning.
i have seen hotmail being accessed over https but no security alert appears.

Question by:swapnil001
    LVL 13

    Assisted Solution

    Hi swapnil001,

    It's not a Java problem, but depends on your browser.
    If you directly type a https address no alert is shown, but if the web site is http and redirect to https (link / script) then security alert is shown, as for https site redirecting to http.
    LVL 35

    Accepted Solution

    I assume the one for the certificate is because you are running your https on a test certificate (ie:  one you haven't paid for)

    How are you doing the redirect?  Vie a response.sendRedirect?  or a request dispatcher?

    LVL 92

    Expert Comment

    try using httpunit to access the site, it should be able to handle the alert (by accepting it)

    Author Comment

    thanks all.
    yes the certificate warning can be avoided if the certificate is signed from a trusted authority like verisign. however, the next warning :This page contains both secure and non secure items..." is more dirty. i strongly want to supress it.
    it can be avoided if all the content (including images) on the page is transferred on ssl which is not the default behaviour. As har as i know now..we can mention the url to be used to deliver static content in the jsp page itself. in the presence of that url, webserver uses it to deliver the static content instead of using the url in the request.

    can anybody tell me specifically how to do this or if there is another way out ?


    Author Comment

    gotcha !!
    i take my claim (of images being transferred on http) back. All the content fetched through relative url is fetched over ssl only. We are fetching some third party content via an absolute (http) url. that has to be changed.

    But, i have to give it to Tim and Webstorm.

    Thanks to you too objects.


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    twoTwo  challenge 35 72
    bunnyEars2 challenge 6 46
    array220 challenge 8 32
    wordappend challenge 8 51
    After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
    Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
    Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
    This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now