2

I have a GWT app, I'm using the MVP4G framework. I'm able to pull up my app just fine if I use HTTP. However, when I try to open it using HTTPS it does not work. My entire site works fine with the SSL certificate I have.

Is there a particular configuration that I need to enable when I compile GWT? Or is there something I need to do in my Apache configuration? Any help would be greatly appreciated, thank you.

scriptgeeky

1 Answer

0

SSL should not affect your application, because SSL runs on another layer.

To configure HTTPS you must set the security constraints in web.xml and connect to "https://" afterwards, not to "http://". If you connect to "http://", you receive a blank page.

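```xml
<security-constraint>
    <web-resource-collection>
        <!-- web-resource-name is required by the web.xml schema; the name itself is arbitrary -->
        <web-resource-name>Entire application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <!-- CONFIDENTIAL makes the container require HTTPS for the matched URLs -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```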
Sam
  • It's a bit more subtle than this. The transport guarantees on the server side are good, but don't prevent active MITM attacks, since they're enforced only once the request reaches the server (possibly via a MITM attacker). (See [this](http://webmasters.stackexchange.com/a/28443/11628).) You do need (a) to make your users aware that they should expect HTTPS and (b) make sure your links use `https://`. This being said, the application can easily use relative links (once over https) to fix this indeed. – Bruno May 04 '12 at 10:48
  • 1
    Yes Bruno, you are right. To prevent MITM attacks you have to implement the whole usage of SSL correctly. But that was not the question; Alan's question was why he doesn't see anything when he is running his app. – Sam May 05 '12 at 09:18
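
The following check is an added example, not code from the original thread: it reads a `web.xml` and reports whether a constraint like the one in the answer requires HTTPS for `/*`, and which narrower constraints carry no transport guarantee or apply it to only some HTTP methods. The sample document, the `/myapp/rpc/*` path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml: the answer's /* rule plus a narrower rule with no guarantee.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>rpc</web-resource-name>
      <url-pattern>/myapp/rpc/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so any web.xml schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def audit_transport(web_xml):
    """Return (https_required_for_all, findings) for a web.xml document."""
    root = ET.fromstring(web_xml)
    covers_all, findings = False, []
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        guarantee, patterns, methods = "NONE", [], []  # NONE is the default
        for el in sc.iter():
            name, text = local(el.tag), (el.text or "").strip()
            if name == "transport-guarantee":
                guarantee = text
            elif name == "url-pattern":
                patterns.append(text)
            elif name == "http-method":
                methods.append(text)
        if guarantee not in ("CONFIDENTIAL", "INTEGRAL"):
            # The container applies the best-matching pattern, so /* does not cover this.
            findings.append(f"{patterns}: no transport guarantee")
        elif methods:
            findings.append(f"{patterns}: guarantee limited to {methods}")
        elif "/*" in patterns:
            covers_all = True
    if not covers_all:
        findings.append("no constraint requires HTTPS for /*")
    return covers_all, findings
```

Calling `audit_transport(SAMPLE)` returns the coverage flag and a list of findings; an empty list means every constraint in the file carries a transport guarantee for all methods.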