Tuesday, August 19, 2008

Tip - Switch from http:// to https:// for secured webpages

If you enable SSL support for your web application, you may want them to be accessed only through https: protocol. 

I've two webpages, index.jsp and profile.jsp. index.jsp is non-secured where as profile.jsp is secured and is placed under /secured/ folder of the web application. In the web.xml file I've made the following entries to protect pages under /secured/ folder:

I define following simple rule in vroom-config.xml file to automatically switch the protocol from http: to https:

After the above to configurations, my application is set to handle http: to https: automatic switching. I deploy the application to GlassFish where SSL is already configured.

When I access / or /index.jsp which is non-secured resource, I get the following output:

I type url to access /secured/profile.jsp which is secured:

Once I hit submit button, I receive the following page which is served using https: protocol, observe the protocol and port underlined in red.

That's all you need to make it work.

No comments: