supress security alert when switching from http tp https

I have a web application running on resin webserver. the server listens to http requests on 8001 and https requests on 8443. I need to have my application accessed over https but i want to supress the security alerts which pop up on the browser. there are two security pop ups - one for certificate and other for entering a secure region.

i tried to redirect the call (received over http) to https via a servlet filter. couldnt get away with the warning.
i have seen hotmail being accessed over https but no security alert appears.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi swapnil001,

It's not a Java problem, but depends on your browser.
If you directly type a https address no alert is shown, but if the web site is http and redirect to https (link / script) then security alert is shown, as for https site redirecting to http.
I assume the one for the certificate is because you are running your https on a test certificate (ie:  one you haven't paid for)

How are you doing the redirect?  Vie a response.sendRedirect?  or a request dispatcher?


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mick BarryJava DeveloperCommented:
try using httpunit to access the site, it should be able to handle the alert (by accepting it)
swapnil001Author Commented:
thanks all.
yes the certificate warning can be avoided if the certificate is signed from a trusted authority like verisign. however, the next warning :This page contains both secure and non secure items..." is more dirty. i strongly want to supress it.
it can be avoided if all the content (including images) on the page is transferred on ssl which is not the default behaviour. As har as i know now..we can mention the url to be used to deliver static content in the jsp page itself. in the presence of that url, webserver uses it to deliver the static content instead of using the url in the request.

can anybody tell me specifically how to do this or if there is another way out ?

swapnil001Author Commented:
gotcha !!
i take my claim (of images being transferred on http) back. All the content fetched through relative url is fetched over ssl only. We are fetching some third party content via an absolute (http) url. that has to be changed.

But, i have to give it to Tim and Webstorm.

Thanks to you too objects.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.