Using SSL and non-SSL

We are running 4.12 on Solaris 8 with SSL enabled. However, we would also
like this server to accept queries on 389 for portions of the tree. An
example would be that a username and phone number could be queried via 389,
but an employee ID could only be queried by an authenticated user. Does
anyone have any guidance on this or could point me to some documentation
relating to this. Thanks in advance.

Hi Ryan,
You probably want to look at the "Managing Access Control" chapter of the
Administrator's Guide.
More specifically, have a look at the "Access Based on the Authentication
Method"
(http://docs.iplanet.com/docs/manuals/directory/41/admin/acl.htm#997696) and
the "Defining permission based on the Authentication Method"
(http://docs.iplanet.com/docs/manuals/directory/41/admin/acl.htm#998706)
sections.
I hope this helps.
Bertold
"Ryan Kean" <[email protected]> wrote in message
news:9r967v$[email protected]..
We are running 4.12 on Solaris 8 with SSL enabled. However, we would also
like this server to accept queries on 389 for portions of the tree. An
example would be that a username and phone number could be queried via 389,
but an employee ID could only be queried by an authenticated user. Does
anyone have any guidance on this or could point me to some documentation
relating to this. Thanks in advance.
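
The sections Bertold cites describe ACI bind rules. As an added illustration (not from the original thread or the iPlanet manuals), the LDIF below sketches ACIs for the case Ryan describes. The suffix dc=example,dc=com, the ou=People container and the attribute names uid, cn, telephoneNumber and employeeNumber are assumptions, as is the absence of any broader anonymous-read ACI on the suffix.

```ldif
# Added example; the DN and the attribute names are assumptions.
# Apply with ldapmodify while bound as a directory administrator.
#
# First ACI: anyone, including anonymous clients on port 389, may read
# and search the user name and phone number.
# Second ACI: only clients that have bound (authenticated) may read
# the employee ID. "ldap:///all" matches any authenticated user,
# "ldap:///anyone" matches anonymous users as well.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="uid || cn || telephoneNumber")(version 3.0; acl "Anonymous read of name and phone"; allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetattr="employeeNumber")(version 3.0; acl "Authenticated read of employee ID"; allow (read, search, compare) userdn="ldap:///all";)
```

The second rule can be tightened with the authmethod keyword covered in the cited sections, for example `userdn="ldap:///all" and authmethod="ssl"`, which matches only clients that bound with a certificate. Because allow rules are additive, an anonymous search on port 389 that requests employeeNumber should come back without that attribute once any broader anonymous-read ACI has been narrowed.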

Similar Messages

  • Mixing ssl and non ssl jsp pages.

    Hi,
    I am new to Weblogic 8.1 and I would like to learn how to setup few jsp pages in https:// and few pages to be served in http:// protocol.
    I have created a managed server using 7004 for http and 7040 for https. Currently I have 2 jsp pages index.jsp and test.jsp and both the pages can be accessed using http:// or https://
    I wanted to make test.jsp work only with https:// and not work with http:// How do I configure this?
    In realtime webapplications. How is switching of http and https working? Are the URL's hard coded in the controller servlet?
    Some tips would be helpful.
    Uma

    Hi,
    To do this task do the following,
    1. Create a property file in your application. for example let us take myapp.properties
    2. include the following to the myapp.properties file
    #sslport=7002
    #nonsslport=7001
    #serverip=127.0.0.1
    #ctpath=myApp
    # In your case (7004 is the http port and 7040 the https port)
    sslport=7040
    nonsslport=7004
    serverip=127.0.0.1
    # ctpath is the web deployment directory
    ctpath=yourapp
    3. Create a class to read the property file say PropertyReader.java and implement the following
    // requires: import java.io.FileInputStream; import java.util.Properties;
    Properties props = new Properties();
    props.load(new FileInputStream("myapp.properties")); // load the file created in step 1
    String sslport=props.getProperty("sslport");
    String nonssl=props.getProperty("nonsslport");
    String serverip=props.getProperty("serverip");
    String cpath=props.getProperty("ctpath");
    4. initialise the propertyReader class and
    in the property class keep following variables in admin session data
    String sslpath="https://"+serverip+":"+sslport+"/"+cpath;
    String nonsslpath="http://"+serverip+":"+nonssl+"/"+cpath;
    5. use these variables for ssl or nonssl
    response.sendRedirect(sslpath+"/bank.jsp"); //for ssl
    response.sendRedirect(nonsslpath+"/welcome.jsp"); //for non ssl
    like the same way
    Regards,
    Nishant Kulkarni

  • Separating SSL and non-SSL transactions

    What's the best way to separate SSL and non-SSL transactions in a single web app? I.e. when the user logs in, the login form is submitted over an SSL connection, but from then on only certain pages/forms use SSL. If there's one JVM with the session info, how can we be sure what needs to be secured goes thru the SSL server?

    javax.servlet.ServletRequest method isSecure() - "Returns a boolean indicating
    whether this request was made using a secure channel, such as HTTPS."
    Chris Scott wrote:
    >
    What's the best way to separate SSL and non-SSL transactions in a single web app? I.e. when the user logs in, the login form is submitted over an SSL connection, but from then on only certain pages/forms use SSL. If there's one JVM with the session info, how can we be sure what needs to be secured goes thru the SSL server?

  • How do i know the ssl over non ssl

    Hello Gurus,
    Your answer is greatly appreciated;
    a)
    https://ebusdockel.9dc.com:243/DockerMasterAJX/services/DockerMaster
    b)
    http://ebusmodel.9dc.com/DockerMasterAJX/services/DockerMaster
    How do I determine from the above 2 URLs the difference between SSL and non-SSL? Your answer is appreciated.

    Hi,
    There is a way within Forms to programmatically tell whether users are in SSL or not - if you're in 11g Forms. You can use the new 11g javascript built-ins to execute javascript. Javascript will pull the URL and return it as a VARCHAR. Then you can have PL/SQL logic to see if the url contains "https" or "http", then you can execute whatever logic you want.
    The PL/SQL Built-in you want to use is: web.javascript_eval_function
    The javascript command you want to run is: document.location.href
    If you are looking for a way to force users to go to SSL, there are some options you can do with OHS (Oracle HTTP Server) - which comes with the 11g Forms.
    I hope this helps.
    Thank you,
    Gavin
    http://pitss.com/us

  • Session Cookies Being Overwritten Browsing From SSL to Non SSL

    I have created a bug report for this issue as well.
    Please note I am using J2EE session variables so keep that in mind.
    I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
    For example:
    Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being sent for "Encrypted connections only".
    Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being sent for "Any type of connection".
    Here's the problem:
    Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
    Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
    Steps to Reproduce:
    1. Clear your cookies.
    2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
    3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
    This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
    Has anyone else experienced this?

    Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

  • Difference between using Java and Non-Java in Webi.

    Hi ,
    I have one more question requesting for an answer.
    Would like to know what is the Difference between using Java and Non-Java in Webi.
    Thank You in advance.
    Appana Ganesh.

    Hi,
    check the Information in following post, the differences are discussed there:
    http://scn.sap.com/thread/3295306
    best regards,
    Victor

  • Changes to Verizon email servers and Non-SSL capable email clients

    Need to change over my pop/smtp settings to the new settings as per Verizon notification.  I have quite a few non-SSL capable email clients.  Does Verizon provide a non-SSL email server on port other than 25 I can use ?

    blottje wrote:
    Need to change over my pop/smtp settings to the new settings as per Verizon notification.  I have quite a few non-SSL capable email clients.  Does Verizon provide a non-SSL email server on port other than 25 I can use ?
    Not once they turn off the old incoming/outgoing servers. (Supposedly coming in September.)
    What email clients are you using that don't allow for SSL???
    If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
    "All knowledge is worth having."

  • Double Posting using Leading and Non-leading ledger...

    Gurus'
    I am at a client that is using the leading (0L) and non leading (PL) ledger set up.  Also, we have configured an additional document (ZF) for posting to the (PL) ledger.  The following configuration settings have been made:
    1     US GAAP (group accounting) (PLN)                    1     0L
    2     Depreciation on tax limited value (cars)                    0
    3     PAS (Polish Accounting Standards) (PLN)                    2     PL
    10     CIT TAX (Polish taxation accounting) (PLN)                    3     PL
    30     Consolidated balance sheet in local currency PLN       0
    31     Consolidated balance sheet in group currency USD     0
    32     Book depreciation in group currency (USD)                    0
    Can someone explain why I am seeing a duplicate posting on the non leading ledger.  Using the settlement transaction from Project Systems or ABZON from the Asset Module I get the expected (AA) document type posting on the leading ledger but also on the non-leading ledger.  When I run ASKB, the document ZF is also posted on the non-leading ledger.
    Can someone help me figure this out?  Thanks,

    Hi,
    You can check BKPF (document header) and there is a field "ledger group" for which the document was posted onto. If there's no value in the field, it means the document was posted to all ledgers (leading and non leading).
    Kyoko

  • How to use SquirrelMail and Require SSL for IMAP Service?

    Hello,
    Mac OS X Server v.10.4.9 – Open Directory Master
    Providing POP, IMAP, SMTP, web services including webmail via SquirrelMail.
    PHP v.4.4.4 Nov. 1, 2006
    OpenSSL v.0.9.7l Sept. 2006
    I need to require SSL for IMAP access, however, I also need to provide webmail access. SquirrelMail does support TLS it seems and that can be configured from /etc/squirrelmail/config/conf.pl and is discussed briefly here: http://www.squirrelmail.org/wiki/SquirrelMailIMAPS .
    When I turn on TLS on SquirrelMail and change the IMAP port number to 993, attempting to log into SquirrelMail provides the following error:
    Bad request: IMAP server does not appear to support the authentication method selected. Please contact your system administrator.
    According to the above noted page from the SquirrelMail site one needs PHP 4.3 and SSLv3 in order for TLS to work, one must also connect to the IMAP server over port 993. Requirements I appear to meet.
    So – how can one require the use of SSL for IMAP and still provide webmail access via SquirrelMail?
    I have reviewed these three threads:
    http://discussions.apple.com/thread.jspa?threadID=912841&tstart=75
    http://discussions.apple.com/thread.jspa?messageID=1457773&#1457773
    http://discussions.apple.com/thread.jspa?messageID=3921004&#3921004
    However they do not answer the fundamental question of how to use SquirrelMail with SSL required by IMAP. Essentially the conversation revolves around working around the SSL requirement or forgoing it.
    Thank you for any assistance.

    David,
    Yet from time to time these same users are in a
    circumstance where they need to use webmail, thus
    SquirrelMail needs to work. I am not trying to
    secure webmail by requiring SSL.
    I see, your problem. In this particular case there is a workaround.
    Use different ports for postfix and cyrus limited to localhost, thus catering only to SquirrelMail, thus not needing TLS.
    Roughly do this (this is just off the top of my head, may contain errors):
    For SMTP / Postfix:
    Edit /etc/postfix/master.cf
    and add:
    465 inet n - n - - smtpd
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.1/32
      -o smtpd_enforce_tls=no
    # This will create a port 465 (if you use this already pick another one. choose the number wisely, depending on what is in use on your server)
    # This port is only accessible to IP numbers in "mynetworks"
    For IMAP / Cyrus
    Edit /etc/cyrus.conf and add (below imap):
    imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
    Next duplicate /etc/imapd.conf and name it imapd-local.conf
    Edit /etc/imapd-local.conf
    Change
    tls_server_options: require
    to
    tls_server_options: use
    Next edit:
    /etc/services
    and create a port called "imaplocal"
    (you could probably recycle 585 which is deprecated, check what is in the services file, make sure no duplicate port numbers).
    should look something like:
    imaplocal 585/udp
    imaplocal 585/tcp
    When done with all config files:
    Save & restart mail services
    Point SquirrelMail to the new ports which should only be accessible to localhost (check with an external client if it holds)
    Sorry for the "draft style" post, but I don't have much time.
    Just ask, if anything isn't clear.
    HTH,
    Alex

  • Content server and Non SSL portlet

    I have a URL that I placed in one of my portal headers that is not using SSL (i.e. http://mylink.com). My portal is SSL (https://myportal.com). When a user logs in to the portal he gets a message from the browser "This page accessing information that is not under it's control. Do you want to continue?" This also happens when I place a portlet that uses a Google gadget or a weather web service. How do I get around this?
    We are using ALUI 6.1, w/.net
    Thank you

    here is the solution for anyone that is interested. I got it from BEA support:
    Resolution:
    This is a Zone Alert issue involved with "Cross Domain Data" access and XHTML rendering of content not on the same site as the server the user lands on. (that's all I have found out so far)
    The User's IE settings in the security tab can be changed to stop the prompt. The specific setting is in the IE Tools/Internet Options/Security Tab/Custom Level Button. It is under the Miscellaneous category titled "Access Data Sources Across Domains". Setting this parameter to "Enable" will stop the prompt. (But this is on the user's side not the server side)
    Also enable mixed content should be enabled as well to prevent the mixed mode security errors. This needs to be configured against each client machine.

  • Bulk changing all websites from SSL to non-SSL (443 to 80)

    While I was cleaning up my Mountain Lion Server, I innocently updated some SSL server certificates.
    Shortly afterwards, I found that ALL my HTTP (80) sites didn't work. I went into the Server.app and found that ALL my sites were now using port 443, rather than the port 80 that they were running on.
    Since I have over 100 sites, I need to know how to BULK update them back by removing the certificate they were assigned when I updated that specific cert.
    How did I update the certificate? I was looking at the Alerts section of the Server.app, that told me that some were expiring. There was a Replace button and that's what I clicked. I was never warned that it would change ALL my sites from having NO certificate to the certification that I replaced.
    Any ideas on how to resolve this issue quickly, without having to open up EACH site and change the certification to NONE (and thus changing the port back to 80)?

    There's no bulk update via the GUI [1], which leaves shutting off Server.app and mass-editing the Apache data.
    For a bulk change of 443 to 80, something like this should get you started. 
    FWIW, Do also confirm whether the port 80 sites are still around in the configuration data, as some web browsers are now selecting 443 whenever that's available.
    [1] Yes, I'm probably ignoring scripting via AppleScript here.  If I have to script something, it'll be the Apache data and not the GUI, and using bash, Python or other such and likely not AppleScript.  Local preference.

  • What's the difference between END-TO-END SSL and other SSL?

    Could anyone summarize all of the differences?
    Thanks a lot! Points guaranteed.

    Hi,
    SSL end-to-end means that the web dispatcher is just forwarding the
    HTTPS requests to the backend system without unpacking / decrypting the data.
    This can be configured by icm/server_port_<XX> = ...,PROT=ROUTER,..
    To be able to configure the ROUTER protocol on the web dispatcher you also
    must have configured HTTPS / SSL on the relevant backend system.
    Configuring SSL "only" means that the web dispatcher is listening to HTTPS and you can decide with the relevant parameters, if the communication to the backend is HTTP or if it is again reencrypted using HTTPS.
    This would end up in using the parameter icm/server_port_<xx> = ...,PROT=HTTPS,....
    Kind Regards
    Thomas Alt

  • Error in using XA and Non-XA datasource at same time

    I think this case may be a little complicated:
    There are two actual databases: for example, A is for service/biz, and B is for data archiving. The system runs the archiving service once a day, and we decided to use JTA to ensure that no records would be lost if any exceptions were encountered on either side. We created two XADataSources for A and B. There is also an existing Non-XA DataSource in WebLogic that is used by general business; it's actually Database A. To summarize:
    Two actually databases :
    A , B
    Three DataSources in Weblogic :
    Non-XA-DS , XA-DS1 - > refer to Database A, the business DB
    XA-DS2 - > refer to Database B, the archiving DB
    And the archiving code like this:
    // utx is the JTA UserTransaction, e.g. looked up from JNDI as "java:comp/UserTransaction"
    try {
        utx.begin();
        // fetch data from XA-DS1
        // record logs to Non-XA-DS   (bold in the original post)
        // save data to XA-DS2
        utx.commit();
    } catch (Exception e) {
        utx.rollback();
    } finally {
        // release resources
    }
    Look at the bold lines. It works well if I remove the "*record logs to Non-XA-DS*" line, but if I enable the logging feature it throws an exception with the message "cannot call commit of connection in a distributed transaction". It's weird, since Non-XA-DS is not an XADataSource and I also disabled the Global Transaction Support of the datasource. As I think, UserTransaction would not manage a DS indicated as not supporting JTA. Is that correct? And how can I resolve this problem?
    Edited by: 985707 on Feb 2, 2013 6:31 AM

    Actually it may work with pdnsd if you run it on 127.0.0.3:
    /etc/resolv.conf
    nameserver 127.0.0.3
    nameserver 127.0.0.1
    nameserver 127.0.0.2
    /etc/pdnsd.conf
    global {
    server_ip = 127.0.0.3;
    /etc/conf.d/dnscrypt-proxy
    DNSCRYPT_LOCALIP=127.0.0.1
    /usr/lib/systemd/system/dnscrypt-proxy.service
    [Unit]
    Before=pdnsd.service

  • Debugging using Eclipse and non-standalone 10g

    Hey - is it possible to perform remote debugging using Eclipse against the non-standalone version of the 10g App Server? I've tried some of the hints listed in this forum (the most promising seemed to be starting oc4j using this command-line command:
    java -classic -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=2727 -jar oc4j.jar, then connecting with the Eclipse debugger, which I managed to do - though I had to change one of the parameters because the designated file [a timezone file] could not be found - after the change things seemed to start up correctly. However, when I tried to hit http://localhost:2727 I got a "server not found or DNS error"). I don't know if the debugging works with the non-standalone version of 10g or not... or if I should be using some other startup command so hopefully y'all can help :)
    Thanks,
    Scott

    Scott, apparently you have fallen prey to one of the most common misunderstandings of oc4j. Oc4j, namely, Oracle Application Server Container for j2ee, is a COMPLETE j2ee server. It supports http and https by itself. It is also an ejb container and a lot more. It can be used as a standalone or, with a different configuration, integrated into Oracle Application Server as its core component.
    When you use the command "java -jar oc4j.jar ...", you are starting an instance of "standalone oc4j" or "oc4j standalone" as mentioned above, albeit from an OAS installation. In contrast, you can start one instance of Oracle Application Server by "<ORACLE_HOME>/opmn/bin/opmn startall", which will start, besides several other components, one or several oc4j processes as its oc4j component. This OAS is an HTTP server that takes initial requests and routes the requests that are for OC4J to the OC4J server. It may handle some of the requests by itself, or route other http requests to other components, like mod_plsql. Finally, what we usually call a "farm" is a collection of OAS clusters and instances that share the same OAS Infrastructure.
    What I have written is just a tiny mini introduction of the OAS. For starters, oc4j is for use by development and small-medium scale production deployments. Please take a look at the book "Oracle Application Server Containers for J2EE Standalone User's Guide" and then, "Oracle Application Server Concepts". You can find them by
    1. go to http://otn.oracle.com
    2. select "documentation" pull-down menu and then "application server"
    3. go to the first "view library" or the one suits you.
    4. view the "Oracle Application Server Concepts"
    5. or go to "List of All Books" and you will see all of them!
    Well, the best place to self-teach oc4j is, besides googling with site:oracle.com, the oc4j homepage,
    http://www.oracle.com/technology/tech/java/oc4j/index.html
    The above is written in case you need more information. Now let me come to your specific questions.
    1. how to hit the OC4J instance directly, bypassing an HTTP server entry? Since what you started is an oc4j standalone, it does not make any sense to say "bypassing an HTTP server entry". Oc4j instance itself IS an http server. To access its http service, try
    http://<yourHostNameOrIP>:<httpPort>/<yourAppWebContextRoot>
    where the httpPort and yourAppWebContextRoot can be found in default-web-site.xml or http-web-site.xml. Which one or other web-site.xmls are effective is determined in <OC4J_HOME>/config/server.xml. Here the OC4J_HOME refers to your "C:/OraHome1/j2ee/home".
    2. how to get the HTTP server started via the command-line startup? As said above, you already got an HTTP server running.
    What I suggest for you is to play with oc4j standalone. You can come to OAS later:
    1. download oc4j standalone distribution, "Oracle Containers for J2EE 10g (10.1.3) Developer Preview 3", from here "http://www.oracle.com/technology/software/products/ias/preview.html"
    2. unzip the downloaded file. What you get is basically the same to a part of your existing "C:/OraHome". Go to j2ee/home. Run
    java -Xdebug -Xnoagent -Djava.compiler=none -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=3301 -jar oc4j.jar
    Make sure you are using java 1.4.2 sdk.
    3. "new" your remote debugger from Eclipse and specify the hostname and port 3301.
    4. http://<yourHost>:8888/
    A further note: to debug jsp's, you can use Jdeveloper that allows you to set debug points directly in a jsp that is running in its embedded oc4j server.

  • NW7 ssl and webdispatcher ssl

    Hi:
    We have an NW7 (A+J) system and a webdispatcher in front of the NW7.
    I have configured the SSL between the NW7 and the webdispatcher.
    Do I have to configure the SSL on the NW7 itself, that is the SSL between the ABAP and the JAVA?
    I see documents on both types of SSL configuration but am not sure what the difference in their functionalities is.
    Thanks!

    Hello Laura,
    1) for BI and PI with ABAP and JAVA on separated servers, no SSL needed between A and J?
    - As far as I know, SSL between ABAP and JAVA stacks is not required in BI and PI systems. If you need secure layer for message processing in PI system then we have separate procedure for SSL setup in PI Java stack.
    2) for a pure Java system (no ABAP), I remember I read a document about configuring SSL on itself (no with the webdispatcher), could you please tell what is that for?
    - Let's assume pure Java system is Enterprise Portal. If ABAP system SAP HCM is backend for EP then we will setup SSL in EP for secure communication with HCM system. It all depends on client's requirement.
    We can setup SSL in ABAP system or Java system with/without webdispatcher.
    Hope it answered your question.
    Thanks,
    Siva Kumar
    Edited by: Siva Kumar Arivinti on Jan 11, 2012 6:53 PM
