If you “view source” on the page that Woodstock generates, you will see the following line:

</span><code><script type="text/javascript" src="/app/theme/com/sun/webui/jsf/suntheme4_2-080320/javascript/bootstrap.js"></code><span style="font-family: Georgia,'Times New Roman','Bitstream Charter',Times,serif; font-size: 13px; line-height: 19px;">

Now if you change that line to:



</span><code><script type="text/javascript" src="https://www.yourserver.com:8443/ app/theme/com/sun/webui/jsf/suntheme4_2-080320/javascript/bootstrap.js"></code><span style="font-family: Georgia,'Times New Roman','Bitstream Charter',Times,serif; font-size: 13px; line-height: 19px;">

The site will now work under HTTPS without any security warnings. Obviously, this cannot be done straightforward because this piece of HTML code is generated by the Woodstock library. The solution we have implemented to resolve this problem is to change the code in the Woodstock library that generates the HTML header of the pages. The following solution is not the most elegant solution; it’s more of a simple workaround to solve this problem in production environment:

1. Open the Woodstock project web site, https://woodstock.dev.java.net/index.html, and go to “Build it Yourself.”
2. Follow the instructions on the “Build it Yourself” page to register and get a CVS access to download the framework source code. The CVS URL will be something like: :pserver:username@cvs.dev.java.net:/cvs. You don’t need NetBeans 5.5, as it is written in the compile instructions.
3. Open the CVS repository with NetBeans and check out the module “woodstock/webui” and branch “Release42″ as a new project.
4. Open the project and edit the “JavaScriptUtilities.java” file in package com.sun.webui.jsf.util in “src/runtime” folder.
5. In method “renderJavaScriptInclude”   change line 578 from:


   </span><code>String jsFile = getTheme().getPathToJSFile(file);</code><span style="font-family: Georgia,'Times New Roman','Bitstream Charter',Times,serif; font-size: 13px; line-height: 19px;">

   To:


   </span><code>String jsFile = "https://www.yourserver.com:8443" + getTheme().getPathToJSFile(file);</code><span style="font-family: Georgia,'Times New Roman','Bitstream Charter',Times,serif; font-size: 13px; line-height: 19px;">

6. Save the file and rebuild the project. During compile, you might notice a lot of warnings, etc – just ignore them.
7. Copy and overwrite the newly compiled webui-jsf.jar and webui-jsf-dt.jar from the Woodstock source code folder “woodstockwebuidist” to the NetBeans subfolder. “visualweb2modulesext”. Keep a copy of the original jar files (see below).
8. Rebuild your WAR file and deploy it on the HTTPS server.

There you go. You should now have your website working under IE with no security warnings. Note that the newly compiled .jar files will work only on the server URL you define in Step 5. They won’t work in localhost development environment, so you might want to change with original .jar files during development phase. Cheers.