Secure and non-secure access to the web application in one war

Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
My questions are:
a. Is this possible, or a reasonable requirement or a good practice?
b. if yes, what can we do to make it happen in the security intercepter implementation?
c. If not, what is the technical reasons?
Thanks much.

a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

Similar Messages

  • Flash causes "page contains secure and non-secure..."

    Hi All,
    I have a flash menu on my web store .php pages and am getting
    a "this page contains secure and non-secure items..." in IE7 in
    Vista. I think this is because of the Flash menus, but thought I
    had taken care of this by making the codebase embedding to
    "https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"
    Any suggestions on how to deal with this?
    Thanks, Scott

    Thanks so much ShadowKnyte for the reply. Turns out it wasn't
    the Flash menu, after all, as it did have the embedding links set
    to https. In fact, it was my Google analytics call at the end of
    the page. It needed to be changed to:
    <script src="https://ssl.google-analytics.com/urchin.js"
    type="text/javascript"></script>
    In case that helps anyone else out.
    Cheers, Scott

  • Secure and Non-secure Items

    Is anyone else getting a "secure"/"non-secure" items warning when iTunes is being launched from a webpage?
    The page with the problem lives on "https://deimos.apple.com". I don't think that I can fix the problem locally, but the warning stops iTunes from launching and some of my users are getting upset.
    It looks like the solution could be a quick fix, the address to the .css file, and some of the images is "http://deimos.apple.com" (NO "S" in the httpS://deimos...).
    How can I report this type of problem? Who do I send the issue to?

    I think this is your web browser warning you that the web page you are view has https and http URLs. Its not directly an iTunes U issue.

  • Ajax Login both secure and non secure url

    Does anyone know if there is a way to use ajax to log a user in for both the non secure and secure url. Normally if you're submitting a log in form over the secure url with the non secure url in the referrer parameter it will log you in on both domains but not via ajax. Anyone have a good work around?

    Here’s the code I’ve used…
    {% if Settings.Site_Live -%}
    {% assign redirectHTTP = "" -%}
    {% assign redirectDOMAIN = Settings.Site_URL -%}
    {% assign redirectEXTEND = "" -%}
    {% else -%}
    {% assign redirectHTTP = "http%3a%2f%2f" -%}
    {% assign redirectDOMAIN = Settings.System_Name -%}
    {% assign redirectEXTEND = ".fueldesign.co.nz" -%}
    {% endif -%}
    {% capture redirectURL -%}{{redirectHTTP}}{{redirectDOMAIN}}{{redirectEXTEND}}{% endcapture -%}
    <form class="form--box escapeWorldSecureSystems" method="post" action="https://{{Settings.System_Name}}.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=51&amp;Referrer={{ redirectURL}}&amp;OID=&amp;OTYPE=" data-parsley-validate>
    Note: I have a Settings collection that has a lot of data from a Settings web app that controls a lot of settings for the website, such as “Site_Live” checkbox etc. this allows my sign-ins to be generic and editable site to site.
    And here’s the development URL where I’m working on this. (don’t just my site during development stage lol)
    http://astrolift.fueldesign.co.nz/ <http://astrolift.fueldesign.co.nz/>
    username: dev
    password: dev123
    Hopt this gives you some inspiration.
    Let us know if you get the ajax working.
    Cheers guys

  • Problem with automatic logout between secure and non-secure urls

    On my business catalyst page the user login page is located on a non secure url (our site's domain and not worldsecuresystems). When a user is logged in and then views a page on a secure url (i.e. a page to purchase a subscription to a secure zone) it does not retain their login cookie and it appears they have been logged out. This also creates a problem where I cannot pre populate the secure zone purchase form with a user's information based on their account details. Is there a way to retain have both domains recognize the user is logged in to allow the user to freely pass between these domains without having to login twice? I was considering putting the login page on the secure domain and using relative urls for all my links but for some reason some of my pages appear corrupt when viewed on the worldsecuresystems domain so I'd like to avoid this method. Any help would be appreciated.

    Make sure the referrer paramter is correctly set on the form.
    This is the default BC action. But remember the {module_siteurl} will return the host they are currently on. So if this is used on a secure page you'll need to use {module_sitehost} instead
    action="{module_secureurl}/ZoneProcess.aspx?ZoneID=-1&amp;Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}">

  • Secure and non secure hotspots

    When setting up my e1000 router for a secure domain it automatically opened a non secure one that my neighbors are using. How can I cancel it? Please help

    Sounds like your guest network is active and you need to disable it or assign a password.  The instructions are in the manual you received on the CD.

  • SSL - Secure and non secure objects

    Hello to all!
    A box of donuts to anyone who knows how to handle this one! Using Portal 5.03 in an Internet setting (City home page) and we use the "Hosted Display Mode" to serve some of our vendor applications (such as online class registration) through the gateway so that it comes up inside the portal.This works fine until you get to a page being served via SSL. What happens is that many of the objects on the pages (images, javascript, etc) are being called via http instead of https. Some of the items come from the application itself, but a great number of these references come straight from the portal (things like helper javascript such as PTUtil.js)So my question becomes, is there anyway that the gateway can force every URL coming through to write out as https?
    ~Kevin.

    Hello to all!
    A box of donuts to anyone who knows how to handle this one! Using Portal 5.03 in an Internet setting (City home page) and we use the "Hosted Display Mode" to serve some of our vendor applications (such as online class registration) through the gateway so that it comes up inside the portal.This works fine until you get to a page being served via SSL. What happens is that many of the objects on the pages (images, javascript, etc) are being called via http instead of https. Some of the items come from the application itself, but a great number of these references come straight from the portal (things like helper javascript such as PTUtil.js)So my question becomes, is there anyway that the gateway can force every URL coming through to write out as https?
    ~Kevin.

  • I've just came on board from Andriod and need massive help with the Contacts application any one out there willing to help the 'noob'?

    I had the folks at the store port over all of my contacts from my old
    ratty Andriod phone to my new shiny iPhone.
    however all 200+ of my contacts sort of "shook" out,
    meaning say John Smith, on my old phone,
    had in my contacts the following:
    John Smith
    123 Main St. Anytown, Anystate USA
    555-826-4879 home
    555-799-4247 cell
    [email protected]
    johnsmith@facebook
    all nice and neat on my andriod but when it ported over
    all that information was just scattered all over my contacts sort of like:
    john smith, smith john
    john smith 123 main st. etc.
    johhn smith home 555 etc.
    john smith cell 555 etc.
    john smith johnsmith@ etc.
    etc.
    so for all those 200+ contacts in my phone, I've got a zillion of them now...
    so I'd like to get this all back in order before I and Siri explode.
    I know nothing, and I know even less about outlook and the sort.
    But I do know I am in Dire need of help with this... I figured that eveything else
    involving iphones and apple in general was supposed to be cake but it seems
    like this is the only thing that isn't cake at all... unless, I'm just a right idiot. (which is possible, hence spelling and grammatical issues).

    I believe I've tried to sync it with google, but it didn't seem to take
    muchless take my calender. it seems to favor my facebook calender
    more over my google calender, but Siri seems to be helping me re-write
    it...but that's not the game here, it's the contacts. I've tried to export
    the cvp (??) list and import it into my iTunes account. However, It only
    doubled my issue because it didn't over write my existing contacts.

  • Disable Java Security Warning: Allow access to the following application from this web site?

    Dear all,
    When I open web intelligence with BI launchpad, this warning has been shown:
    "The web site is requesting access and control of the Java application shown above. Allow access only if you trust the web site and know that the application is intended to run on this site.
    Allow access to the following application from this web site?"
    and it has just three button of "Yes", "No" and "Help".
    I go to Java Control Panel and Security tab, then set security level on the "Medium" and add my site in the Exception Site List but this warning is shown each time I open web intelligence.
    I have searched the internet very much but I haven't found any solutions for disabling of it. How can I disable this security warning?
    Java version 7 update 67
    windows XP
    SAP BusinessObject BI Platform 4.1 Support Pack 4 Patch 2
    best regards,

    Hello,
    We have the same issue with BI4.1 SP3 FP3.
    Can anyone help us ?
    Nawale.

  • I can't remember my security questions and have no access to the recovery email address

    I can't remember my security questions and have no access to the recovery email address

    You won't be able to change your rescue email address until you can answer your questions, then you will have to contact Support in your country to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/en-us/HT5699
    If your country isn't on that page then try this form and explain and see what they reply with : https://ssl.apple.com/emea/support/itunes/contact.html
    When they've been reset you can then update your rescue email address to an account that you have access to for potential future use : http://support.apple.com/en-us/HT201356
    Or, if it's available in your country, you could change to 2-step verification : http://support.apple.com/kb/HT5570

  • I have an icloud account which I can access via the web but when I go to systems preferences and click on the icloud it sends me to the mobileme closed site?? How do I get it to go to my icloud log in

    I have an icloud account which I can access via the web but when I go to systems preferences and click on the icloud it sends me to the mobileme closed site?? How do I get it to go to my icloud log in?

    You're saying that when you click on the  iCloud preference pane button it sends you to the defunct MMe
    rather than giving you this?
    Is your profile up to date, i.e. are your running 10.7.5?  Make sure you click on the iCloud button and not the MMe button.
    OT

  • TS3276 Accessing Gmail suddenly stopped working on both my Powerbook pro running latest OS and Mail versions and on my iPhone. I can access via the web. I get the error that my password or username is incorrect. I reset my password in Gmail and confirmed

    Accessing Gmail suddenly stopped working on both my Powerbook pro running latest OS and Mail versions and on my iPhone. I can access via the web. I get the error that my password or username is incorrect. I reset my password in Gmail and confirmed it works on gmail, I then changed it on my Iphone and Mac Mail. It still does not work. I deleted the gamil account on mail on my mac and reinstalled it and it still will not work

    I too started having my password rejected in MAIL.app for imap.mail.me.com for my icloud email address.  Can login to icloud with web browser fine.  This has been happening off and on for several days.....if I wait 2-3 hours it will suddenly start working again, but then problem re-asserts itself ;-)

  • How do I delete an iCloud account from my iPad that I no longer know the password for and have no access to the email account to change it?

    How do I delete an iCloud account from my iPad that I no longer know the password for and have no access to the email account to change it?

    You will need the password. If you can't get it reset via http://iforgot.apple.com (if you remember the answers to the account's security questions then you should be able to reset it via them) then try contacting Support in your country, they should be able to reset it.
    Contacting Apple about account security : http://support.apple.com/kb/HT569
    If your country isn't on that page then try this form and explain and see what they reply with : https://ssl.apple.com/emea/support/itunes/contact.html

  • Disable Security  Alert while redirecting for secure to non secure mode.

    Hi Experts,
    I am new to the portal and came accross a very different kind of requirement for which i need you advice.
    On pressing the Logout button on the portal, the navigation/control is redirecting to the non secure Http website. My portal is on Https site. Now the issue is upon logging out I am getting the security Alert " You are about to direct to a connection that is non secure. Do you want to continue? "
    Now I have a requirement to suppress or remove this pop up. I do understand that this is the IE functionality to show the pop message and I have already uncheck the check box under Internet Options -> Advanced -> miscellaneous -> Warn if changiung between Secure to non secure.
    Please suggest !
    Thanks
    Shobhit Taggar

    Shobhit,
    Which version of IE?
    Regards,
    Sandeep Tudumu

  • Disable security Alert while redirecting from secure to non secure mode

    Hi Experts,
    I am new to the portal and came accross a very different kind of requirement for which i need you advice.
    On pressing the Logout button on the portal, the navigation/control is redirecting to the non secure Http website. My portal is on Https site. Now the issue is upon logging out I am getting the security Alert " You are about to direct to a connection that is non secure. Do you want to continue? "
    Now I have a requirement to suppress or remove this pop up. I do understand that this is the IE functionality to show the pop message and I have already uncheck the check box under Internet Options -> Advanced -> miscellaneous -> Warn if changiung between Secure to non secure.
    Please suggest !
    Thanks
    Shobhit Taggar

    Shobhit,
    Which version of IE?
    Regards,
    Sandeep Tudumu

Maybe you are looking for

  • USER_DATASTORE with VARCHAR2

    I'm using Oracle Text with Oracle Enterprise Server 8.1.7 on Solaris. I try to create an index with a user_datastore based on a procedure returning a varchar2. It seems to me that I wrote that procedure as the documentation says but I get that error

  • DNS-resolution doesn't work with VPN

    Hello, I setup a l2tp vpn connection in the iPhone and nearly all works perfectly. But the most important part doesn't work: The DNS-resolution after connecting to the VPN. It's possible to send pings over the 'ping'-App and I also can ping the iPhon

  • Vendors pulling software, shady practice.

    Recently "Apparent Software" decided to re-release their previous "Blast Utility" as a new application called "Trickster." In doing so they completely pulled "Blast Utility" from the App store without notifying customers. I would like to know how a v

  • Process for new hard drive

    Hi everyone, I was hoping somebody could point me to some tutorials for upgrading the hard drive in my PowerBook G4 (1Ghz). I own an external drive (usb only) that is the same size as the drive in my PB (80gb), this is what I'd use to back up my hard

  • FRM-92100 error when performing execute_query

    Hi, I know that the connection loss symptom is common, but after reading several posts here in this forum, i didn't find any valuable explain to my problem. I'm using Forms 6i under Oracle 8i database. My application is used on web environment. I enc