Hi,

Jay SenSharma

Jay SenSharma

Many times we want to secure our WebApplication Resources in such a way that if any Client is trying to access any Resource available as part of our Application using HTTP protocol then It should be automatically be redirected to WebLogic’s Secure port and the protocol should be changed automatically from HTTP to HTTPS.

Example: If a Client is accessing any Page like:
http://localhost:7001/MySecureApp/index.jsp (Where 7001 is HTTP Listen Post of Server)
We want that Client’s request should be automatically change to :
https://localhost:7002/MySecureApp/index.jsp (Where 7002 is HTTPS Secure Post of Server).

Here is a Simple Demonstration to achieve this.

Step1).Create a Directory somewhere in your File System.
Example: “C:MySecureApp”

Step2). Provide the following “index.jsp” page inside “C:MySecureApp”

<html>
<head><title>You are going to redirect to HTTPS port automatically</title><head>
<body bgcolor=maroon text=white>
<center><h1>This is Index.jsp Page....</h1></center>
</body>
</html>

Step3). Create a “WEB-INF” directory inside “C:MySecureApp” and then provide the following “web.xml” file inside it…as following:

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>SessionTest</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>

Step4). Deploy the Application “MySecureApp” on WebLogic Server…and then Hit the index.jsp Page using HTTP protocol:

http://localhost:7001/MySecureApp/index,jsp

you will see that the URL automatically changes to  https://localhost:7002/MySecureApp/index.jsp

UPDATE:

If you need any one JSP page which should not go be redirect in HTTPS then you can do edit “web.xml” in the following way

<pre><code><!DOCTYPE web-app PUBLIC <span style="color: red;">"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"</span> <span style="color: red;">"http://java.sun.com/dtd/web-app_2_3.dtd"</span>>
<web-app>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>SecureResource</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Non-SecureResource</web-resource-name>
         <url-pattern>/test.jsp</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

</web-app>
</span></code></pre>

The same solution had worked for a users in Oracle forumhttp to https redirect use HttpClusterServlet

.
.
Thanks
Jay SenSharma

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.