1 Reply Latest reply: Nov 1, 2012 9:35 PM by Kalyan Pasupuleti-Oracle RSS

    Enabling/Disabling SSL for Servlet through admin console

    user700370
      We have a HTTPPost Servlet deployed on weblogic server. We want to let the administrator at customer site enable SSL for this servlet if they want to. How can this be done in the admin console? If we add the following in web.xml, then they will be forced to use SSL. Is there a way to disable SSL in that case?

      <security-constraint>
      ...
      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      ...
      </security-constraint>

      Thanks,
      Sreedhar
        • 1. Re: Enabling/Disabling SSL for Servlet through admin console
          Kalyan Pasupuleti-Oracle
          Hi Sridhar,


          Setting 'transport-guarantee' to CONFIDENTIAL or INTEGRAL in web.xml. With that set, WebLogic Server will automatically redirect a client to the HTTPS port if the original request was over HTTP.

          The 'transport-guarantee' element specifies the type of communication with the client application on the WebLogic server.

          The value of this element is either NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application does not require any transport guarantees. A value of INTEGRAL means that the application requires that the data sent between the client and server be sent in such a way that it cannot be changed in transit. CONFIDENTIAL means that the application requires that the data be transmitted in a way that prevents other entities from observing the contents of the transmission. The presence of the INTEGRAL or CONFIDENTIAL flag indicates that the use of SSL is required.


          So I dont think it is possible for now.

          Regards,
          Kal