• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

supress security alert when switching from http tp https

I have a web application running on resin webserver. the server listens to http requests on 8001 and https requests on 8443. I need to have my application accessed over https but i want to supress the security alerts which pop up on the browser. there are two security pop ups - one for certificate and other for entering a secure region.

i tried to redirect the call (received over http) to https via a servlet filter. couldnt get away with the warning.
i have seen hotmail being accessed over https but no security alert appears.

cheers
0
swapnil001
Asked:
swapnil001
2 Solutions
 
WebstormCommented:
Hi swapnil001,

It's not a Java problem, but depends on your browser.
If you directly type a https address no alert is shown, but if the web site is http and redirect to https (link / script) then security alert is shown, as for https site redirecting to http.
0
 
TimYatesCommented:
I assume the one for the certificate is because you are running your https on a test certificate (ie:  one you haven't paid for)

How are you doing the redirect?  Vie a response.sendRedirect?  or a request dispatcher?

Tim
0
 
objectsCommented:
try using httpunit to access the site, it should be able to handle the alert (by accepting it)
0
 
swapnil001Author Commented:
thanks all.
yes the certificate warning can be avoided if the certificate is signed from a trusted authority like verisign. however, the next warning :This page contains both secure and non secure items..." is more dirty. i strongly want to supress it.
it can be avoided if all the content (including images) on the page is transferred on ssl which is not the default behaviour. As har as i know now..we can mention the url to be used to deliver static content in the jsp page itself. in the presence of that url, webserver uses it to deliver the static content instead of using the url in the request.

can anybody tell me specifically how to do this or if there is another way out ?

0
 
swapnil001Author Commented:
gotcha !!
i take my claim (of images being transferred on http) back. All the content fetched through relative url is fetched over ssl only. We are fetching some third party content via an absolute (http) url. that has to be changed.

But, i have to give it to Tim and Webstorm.

Thanks to you too objects.

cheers
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now