> Ron -
>
> Thanks for the info, it was very informative. Is
> there a way to fix it on my side, or does it have to
> do with the certificate signer (GoDaddy in this
> case)?
As far as I can tell, there is nothing to fix. The appserver correctly determined
that the client attempted a non-SSL access to a resource that requires SSL (e.g. is covered by a user-data-constraint with transport-guarantee == confidential).
The appserver logged a msg to indicate that the non-SSL access was not allowed, but then it redirected the client to the SSL port, which caused the client/browser to retry the request using ssl, and apparently that request succeeded.
as noted earlier, the "no signer certificates" part of the log info, is just reporting that the code corresponding to the protection domain being check for the permission was not signed. This is detail is not significant for this particular permission check, but it may be for other permission checks, all of which are performed by the same piece of code.
In the next rev of the appserver, I will recommend that we add failed webuserdatapermission checks to the set of failed permission checks that are not logged.
imo, there is nothing you need do, and as far as I can tell, the system is operating correctly, but it is logggin an info msg that looks like a problem, or at least is difficult to understand. I think we can disable this particular log msg, and I will recommend that we do so.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=264109