• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Getting alert (Do you want to show both secure and non secure items) while accesing site from https.

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Hi,

We have our site running in http.Now client asked us to convert it into https.So I have created keystore file and done configuration changes and running the site in https.But after logging I am getting alert like DO YOU WANT TO SHOW SECURE AND NON SECURE ITEMS .I want to avoid that alert to come.What are all the code changes I need to do .Do I need to replac taglibs as they were under http.Iam not understanding.No one is there for me o suggest.Please help

Sample jsp file used I am pasting here.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/core" prefix="dc"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/html_basic" prefix="dh"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf" prefix="dyn"%>

<dc:view>
<f:loadBundle basename="Main" var="bundle"/>
<dyn:head themePath="xp" stylesheets="map,menu,component" />
<dyn:body styleClass="background_menu">
<f:verbatim><br class=""></f:verbatim>
<dh:graphicImage value="themes/xp/SIAS41_About.gif" />
<dh:panelGrid columns="2" style="margin-bottom: 5px;">
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_sias}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_version}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_copyright}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<f:verbatim><hr class="formSeparator" color="green" /></f:verbatim>
<dh:outputLabel value="" />
<dh:form>
<dh:commandButton value="#{bundle.lbl_close}" action="#{InfoBean.deactivate}" />
</dh:form>
</dh:panelGrid>
</dyn:body>
</dc:view>
 
praneeth gajji
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

praneeth gajji wrote:

Hi,

We have our site running in http.Now client asked us to convert it into https.So I have created keystore file and done configuration changes and running the site in https.But after logging I am getting alert like DO YOU WANT TO SHOW SECURE AND NON SECURE ITEMS .I want to avoid that alert to come.What are all the code changes I need to do .Do I need to replac taglibs as they were under http.Iam not understanding.No one is there for me o suggest.Please help

Sample jsp file used I am pasting here.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/core" prefix="dc"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf/html_basic" prefix="dh"%>
<%@ taglib uri="http://client.sias.gesmallworld.com/dynjsf" prefix="dyn"%>

<dc:view>
<f:loadBundle basename="Main" var="bundle"/>
<dyn:head themePath="xp" stylesheets="map,menu,component" />
<dyn:body styleClass="background_menu">
<f:verbatim><br class=""></f:verbatim>
<dh:graphicImage value="themes/xp/SIAS41_About.gif" />
<dh:panelGrid columns="2" style="margin-bottom: 5px;">
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_sias}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_version}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<dh:outputLabel value="#{bundle.lbl_copyright}" />
<dh:outputLabel value="" />
<f:verbatim><br class=""></f:verbatim>
<dh:outputLabel value="" />
<f:verbatim><hr class="formSeparator" color="green" /></f:verbatim>
<dh:outputLabel value="" />
<dh:form>
<dh:commandButton value="#{bundle.lbl_close}" action="#{InfoBean.deactivate}" />
</dh:form>
</dh:panelGrid>
</dyn:body>
</dc:view>

 
Saloon Keeper
Posts: 27762
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please don't "bump" posts. Especially don't "bump" posts by repeating them. As a 100% free volunteer community resource we aren't all standing by 24x7 to answer questions. We have to sleep, work, and watch reality TV (or something), so you just have to wait for the Earth to turn to its proper orientation.

This wonderful little message that's a pretty string indicator that you're using IE as your web client means pretty much what it says, and it's really not a JSF thing, it's a general web thing.

In the laughable attempt to make you feel that your web-surfing experience is secure using IE, they display this message any time that a page fetched using the HTTPS protocol contains one or more links or forms accessed via the HTTP protocol. The idea is that someone might intercept one of these unencrypted requests and insert Bad Things. Which is the least of your problems when using IE, but at least they tried.

To eliminate the message (short of eliminating IE), recode all of the URLs in your page definition to use https instead of http.
 
praneeth gajji
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you very much for your suggestion.I tried editing all links to https ,but it didnt worked for me , In my project I have TLDs which all referenced to http sites,do I need to repace all tlds. Is there a way to make IE show both secure and non secure items by default instead of getting alert.Please suggest I am trying out with this from almost a week.Thanks in advance.....
 
Tim Holloway
Saloon Keeper
Posts: 27762
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your best bet on that would be Google, I think. It's a common annoyance, so I have no doubt that a lot of people have asked this question, and I'm sure that some of them have gotten decent answers. Whether it's the answer you want is another matter.

I go for weeks at a time without booting up Windows, but I'm fairly sure that the web security manager tab in IE allows the user to select whether this warning is displayed. The catch is that the user has to do this, and do it manually. It would defeat the whole point of having a security warning if the server was capable of shutting it off silently and automatically. The closest that you're likely to get to that is in the case where the site is in-house and you can persuade the LAN administrators to remotely deploy the appropriate registry settings to everyone's desktop. That wouldn't work for people accessing the server from outside the LAN, though.

In any event, if you are linking to non-secure external sites that you have no control over, it's a legitimate thing for the browser to issue a warning, since that is, in fact a security concern. I believe that it may even make your web users more vulnerable to cross-site scripting (XSS) attack.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic