• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

Problem displaying images in HTTPS

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
I am using SSL to display a container managed, form-based Login.jsp. The page displays fine as long as I do not include the company image file, but when I include the image file, I am presented with the pop-up asking me if I wish to display non-secure data. The image file is located in the same directory as my secure Login.jsp, yet the browser does not believe that it is secure. Any ideas would be appreciated!
===
excerpts of Login.jsp and web.xml:
Login.jsp excerpt:
<body>
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<img src="imagessl.gif" >
<label><strong>UserName:</strong>
<input name="j_username" type="text" id="j_username">
...etc
web.xml excerpt:
<!-- SSL Security Setup -->
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/web/ssl_jsps/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
etc...
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sanity check -- verify that are you really using HTTPS. Otherwise try specifying an explicit path to the image, starting with "https://".
By the way, you shouldn't need the call to encodeURL, as the application server can use HTTPS to keep track of the session.
- Peter
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic