This Page Contains Both Secure and Nonsecure Items: Say it ain't so!

Oh, hi there, and welcome back to our corner of the internet boys and girls.  Today we're going to talk about ALBPM 6.0, SSL, and mixed content messages.  Can you say, "ALBPM 6.0, SSL, and mixed content messages"?  I knew you could.

Anyhow, if you're running portal + ALBPM over SSL, you're likely going to see the following annoying pop-up when you try to access the BPM Workspace community:
security_message.png
While allowing SSL and non-SSL content to both be displayed isn't the end of the world, those pesky users might get annoyed at having to click a pop-up dialog every time they try to access their workflows.  But never fear, your friends from Function1 are here to help you, and your users.
What's Going On
The root of the problem here is that the BPM workspace page is trying to load both SSL and non-SSL content, and your browser is warning you that somebody might be trying to do something malicious.  This might occur if a page being served over SSL has a link to a non-SSL image, i.e. <img src="http://myMaliciousSite.com/bad_news_for_you.gif">, or, as is the case with ALBPM, the page has some iframes that are pointing to a non-SSL source, i.e.: <iframe src="http://imGonnaGetchaSucka.com/lolz.html">
Great, But What's A Well-Intentioned Person Like Myself To Do?
Good question, with two answers:
  • Report the bug to Oracle support and wait for a fix or the next maintenance release
  • Fix it yourself
If you're still reading, I'm assuming that you're interested in fixing this problem yourself.  Good for you, you'll be up and running in no time.  Just do the following:
1) Find the following files and back them up:
$ALBPM6_HOME/enterprise/webapps/workspace/jsf/common/executionDialog.xhtml
$ALBPM6_HOME/enterprise/webapps/workspace/jsf/view/attachDetails.xhtml
2) Create a blank HTML page and put it out on your imageserver as something like:
$IMAGE_SERVER_HOME/plumtree/common/custom/foo.html
Again, you shouldn't have any content in your "foo.html", just a set of  "<HTML></HTML>" tags will do fine.
3) Open up the files I asked you to back up and search for "iframe".  You'll see that there are several iframes that have a source set to empty string, i.e. "<iframe src="">"; this is a problem.  Just update the files and set the source attribute of all iframes to your dummy html page like this:
<iframe src="pt://images/plumtree/custom/foo.html">
4) Bounce the BPM workspace container
5) Party like it's 1999.
Hope somebody out there finds this useful....
Until next time, cheers.
Stay In Touch