
servlet response does not show ssl insignia

 
Josef Stern
I am using SSL on a web page where a customer makes a purchase. The page itself displays the proper insignia of an SSL connection. However, when my servlet makes a response, I do not see the SSL insignia. I fear that I am missing something, or that I am not maintaining an SSL connection throughout the process.

When the browser displays my page, purchase.html, it indicates that an SSL connection has been made: 1) the name of my site appears in the URL line, and 2) the padlock symbol appears in the lower right corner of the browser. If I hover the cursor over either the URL prefix or the padlock, I see the message “verified by GeoTrust”. So this looks good.

The customer presses the Submit button, and the page does a POST, calling my servlet with an https URL. The servlet understands what the page sends, and responds with HTML code. But I do not see the SSL insignia in the response page. I see “https” in the URL, and the full URL call to the servlet:

https://www.mysite.com/MyProject/MyPackage/MyServlet

But I do not see the name of my site prefixing the URL, and the padlock in the lower right is broken. If I hover the cursor over the padlock, I get the message “warning: contains unauthenticated content”.

If I press the back page button of the browser at this point, I return to purchase.html, and it shows the proper insignia of an SSL connection. I press the Submit button again, and my servlet responds with an https URL, but without the insignia.

I am concerned that I am losing the encrypted connection when sending a servlet response. The response does not contain any confidential information. But I do not like the disappearance of the insignia.

Is this normal behavior, or is there a lapse in the SSL connection? If this is a lapse, what must I do to make the servlet response show that it is truly SSL encrypted and verified? I don’t think that I need to see Java code at this point. I think that I need some higher level guidance on what I should be doing to maintain SSL throughout the purchase process.

Thanks again for all your help,
Josef


 
Josef Stern
I found the problem. One of the HTML lines of my response was loading an image from my website. The reference to the image was a hard-coded "http://*******". I changed that reference to "https://*******", and that corrected the problem. With that change, the servlet response showed all the proper insignia of SSL encryption.

Apparently the single reference to this image with "http:" was enough to make the browser regard the HTML source as insecure. Once the reference became "https:", the browser regarded the response as secure.

Josef
 
David O'Meara
Thanks for taking the time to drop the solution.
 
Bear Bibeault
Why are you including either of http or https in an image URL? Is the image coming from a remote web application or the same web application?
 
Josef Stern
I am loading an image into my response (the banner that appears at the top of all my web pages).

Before:
<img src="http://www.mysite.com/graphics/banner.jpg" width="800" height="120" />

After:
<img src="https://www.mysite.com/graphics/banner.jpg" width="800" height="120" />

So the image resides within my web site. It is not "created" by the servlet, but is used by the servlet. There is probably a better way (relative path, rather than full URL path) to specify banner.jpg's location, but I was being quick & dirty about getting to the image.

Josef

 
Bear Bibeault
Quick and dirty usually causes problems. As it did in this case.

If the images are from the same web app, the URLs should be server-relative, not absolute, and you would not have even run into this problem.
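
Added example, not code from anyone in this thread: a small Python check that scans a generated response for subresources hard-coded to `http://` (the cause of the "contains unauthenticated content" warning above) and proposes the server-relative form for same-site URLs. The names `scan`, `MixedContentScanner` and `FETCH_ATTRS`, the host `cdn.example.net` and the tag list are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Attributes that make the browser fetch a subresource (assumed list, not exhaustive).
# <a href> is navigation, not a subresource, so it does not cause mixed content.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "link": ("href",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "embed": ("src",), "object": ("data",), "input": ("src",),
}

class MixedContentScanner(HTMLParser):
    """Collect subresource URLs hard-coded to http:// in a page served over https."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (line, tag, attr, url, suggested replacement)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in FETCH_ATTRS.get(tag, ()) or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme.lower() != "http":
                continue  # https, relative and data: URLs are not flagged
            if (parts.hostname or "").lower() == self.page_host:
                # Same site: suggest a server-relative URL, as advised in the thread.
                fix = urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
            else:  # other host: only https helps, if that host serves it
                fix = urlunsplit(parts._replace(scheme="https"))
            self.findings.append((self.getpos()[0], tag, name, value, fix))

def scan(html, page_host):
    scanner = MixedContentScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample response; the banner line is the "Before" markup from the thread.
SAMPLE = """<html><body>
<img src="http://www.mysite.com/graphics/banner.jpg" width="800" height="120" />
<img src="/graphics/logo.jpg" />
<script src="http://cdn.example.net/lib.js"></script>
<a href="http://www.mysite.com/help.html">Help</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url, fix in scan(SAMPLE, "www.mysite.com"):
        print(f"line {line}: <{tag} {attr}={url!r}> -> {fix!r}")
```

Run against the HTML a servlet emits (for example in a build or integration test), an empty result means the page contains no `http://` subresource references in the listed attributes.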
 