Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » RAP, Tomcat and SSL
RAP, Tomcat and SSL [message #478764] Thu, 06 August 2009 14:32 Go to next message
Benjamin Wolff is currently offline Benjamin Wolff
Messages: 111
Registered: July 2009
Senior Member
Hi,


using Tomcat as container and enabling SSL leads to error, that the browser that
accesses the RAP app reports that there is mixed content, meaning that there are
some sources that are not encrypted. this causes the page to be displayed as not-secure.

there already was a topic about a similar problem in this newsgroup, but this time
this happens with firefox (3.5.2) as well as with IE 8. the ssl encryption works because
when accessing the tomcat html manager the site is correctly marked as secure and encrypted.

related qooxdoo bugs can be found here:

http://bugzilla.qooxdoo.org/show_bug.cgi?id=1021
http://bugzilla.qooxdoo.org/show_bug.cgi?id=890
http://bugzilla.qooxdoo.org/show_bug.cgi?id=710

but strange is that this problem also occures with firefox.
i don't use any absolute paths or redirects to possibly unsecure http links...
i do use .png, .gif and .jpg pictures though.

i could not track down the ressources which the browser blames to be unsafe,
maybe anyone can confirm this problem, or maybe someone has a clean ssl/tomcat environment
and could explain his setup so we can track down any differences?!

can we excluded, that RAP loads any 'unsecure' elements?!


greetings,

ben
Re: RAP, Tomcat and SSL [message #478776 is a reply to message #478764] Thu, 06 August 2009 15:15 Go to previous messageGo to next message
Benjamin Wolff is currently offline Benjamin Wolff
Messages: 111
Registered: July 2009
Senior Member
Hello again,


i could figure out what caused this behaviour. i'm using the (gorgeous) google visualization
example from the inqle project by David Donohue.

in the file org.inqle.ui.google.widgets/src/org/inqle/ui/google/jsapi/Go ogleAPIResource.java
there is a link to the google json api (location = "http://www.google.com/jsapi";) which
is loaded during startup, thus causing the non-secure content in the browser.

to workaround this problem the location has to be changed to a secure source: location = "https://www.google.com/jsapi";

done! :)




Benjamin Wolff schrieb:
> Hi,
>
>
> using Tomcat as container and enabling SSL leads to error, that the
> browser that
> accesses the RAP app reports that there is mixed content, meaning that
> there are
> some sources that are not encrypted. this causes the page to be
> displayed as not-secure.
>
> there already was a topic about a similar problem in this newsgroup, but
> this time
> this happens with firefox (3.5.2) as well as with IE 8. the ssl
> encryption works because
> when accessing the tomcat html manager the site is correctly marked as
> secure and encrypted.
>
> related qooxdoo bugs can be found here:
>
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=1021
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=890
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=710
>
> but strange is that this problem also occures with firefox.
> i don't use any absolute paths or redirects to possibly unsecure http
> links...
> i do use .png, .gif and .jpg pictures though.
>
> i could not track down the ressources which the browser blames to be
> unsafe,
> maybe anyone can confirm this problem, or maybe someone has a clean
> ssl/tomcat environment
> and could explain his setup so we can track down any differences?!
>
> can we excluded, that RAP loads any 'unsecure' elements?!
>
>
> greetings,
>
> ben
Re: RAP, Tomcat and SSL [message #478848 is a reply to message #478764] Fri, 07 August 2009 04:51 Go to previous messageGo to next message
Stefan   is currently offline Stefan
Messages: 316
Registered: July 2009
Senior Member
The current RAP-Version still has a problem with css background-images
in IE when running under SSL. See this bug

https://bugs.eclipse.org/bugs/show_bug.cgi?id=285815
Invisible Widgets with BackgroundImage causes an unsecure content
warning in IE using SSL

Regards,
Stefan.

Benjamin Wolff schrieb:
> Hi,
>
>
> using Tomcat as container and enabling SSL leads to error, that the
> browser that
> accesses the RAP app reports that there is mixed content, meaning that
> there are
> some sources that are not encrypted. this causes the page to be
> displayed as not-secure.
>
> there already was a topic about a similar problem in this newsgroup, but
> this time
> this happens with firefox (3.5.2) as well as with IE 8. the ssl
> encryption works because
> when accessing the tomcat html manager the site is correctly marked as
> secure and encrypted.
>
> related qooxdoo bugs can be found here:
>
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=1021
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=890
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=710
>
> but strange is that this problem also occures with firefox.
> i don't use any absolute paths or redirects to possibly unsecure http
> links...
> i do use .png, .gif and .jpg pictures though.
>
> i could not track down the ressources which the browser blames to be
> unsafe,
> maybe anyone can confirm this problem, or maybe someone has a clean
> ssl/tomcat environment
> and could explain his setup so we can track down any differences?!
>
> can we excluded, that RAP loads any 'unsecure' elements?!
>
>
> greetings,
>
> ben
Re: RAP, Tomcat and SSL [message #1076396 is a reply to message #478848] Wed, 31 July 2013 06:14 Go to previous messageGo to next message
Arnaud MERGEY is currently offline Arnaud MERGEY
Messages: 128
Registered: March 2010
Location: France
Senior Member
Hello,

It seems that since 2.1, the mixed content warning in IE8 is here again.

I tested with rap demo app, in 2.0 no warning, in 2.1 there is a warning, it seems to be the case with any RAP application

There are no warnings with IE 9 or 10

Is it worth it to investigate possible cause for this ? and fill a bug ? (some possible cause in this post comments http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/)

Bestregards
Re: RAP, Tomcat and SSL [message #1077123 is a reply to message #1076396] Thu, 01 August 2013 05:17 Go to previous message
Ralf Sternberg is currently offline Ralf Sternberg
Messages: 1290
Registered: July 2009
Senior Member

Hi Arnaud,

I'm afraid we have to live with IE8 a while longer. So yes, please open
a new bug for this issue. If you can help investigating the cause of
this warning, that would be very appreciated.

Best regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Previous Topic:error occurs occasionally when using MARKUP_ENABLED img tag
Next Topic:TableColumn align problem.
Goto Forum:
  


Current Time: Fri Aug 01 20:43:39 EDT 2014

Powered by FUDForum. Page generated in 0.02231 seconds