I need to secure my application on Oracle application server 10g. SSL is enabled and we have a certificate deployed on that server. the web.xml states the following
<security-constraint>
<web-resource-collection>
<web-resource-name>form</web-resource-name>
<url-pattern>*.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>{{PUBLIC}}</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>{{PUBLIC}}</role-name>
</security-role>
I'm using j_security_check in login.jsp . the problem is i need to redirect users from http to https
http://www.myserver.com/myapp to https://www.myserver.com/myapp
so i tried to use redirect rules and rewrite rule in appache but it didn't work i still have the same error
403 Forbidden
SSL (https) required for access
Is there any reason that rewrite rule or the redirect rule not working with j_security_check ?