Hello,
I am using SSL to display a container managed, form-based Login.jsp. The page displays fine as long as I do not include the company image file, but when I include the image file, I am presented with the pop-up asking me if I wish to display non-secure data. The image file is located in the same directory as my secure Login.jsp, yet the browser does not believe that it is secure. Any ideas would be appreciated!
===
excerpts of Login.jsp and web.xml:
Login.jsp excerpt:
<body>
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<img src="imagessl.gif" >
<label><strong>UserName:</strong>
<input name="j_username" type="text" id="j_username">
...etc
web.xml excerpt:
<!-- SSL Security Setup -->
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/web/ssl_jsps/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
etc...

Sanity check -- verify that are you really using HTTPS. Otherwise try specifying an explicit path to the image, starting with "https://".
By the way, you shouldn't need the call to encodeURL, as the application server can use HTTPS to keep track of the session.
- Peter