Its hard to leave out Apache out of the solution for what your  
attempting.  Our solution in Apache on dspace.mit.edu looks like...

dspace.mit.edu.conf...

> ## SSL Virtual Host Context
> <VirtualHost 18.51.3.32:443>
>
...

>        RewriteEngine on
>
>        RewriteCond   %{REQUEST_URI}    !^/dspace-xmlui.*
>        RewriteCond   %{REQUEST_URI}    !^/dspace-lni.*
>        RewriteCond   %{REQUEST_URI}    !^/dspace-srw.*
>        RewriteCond   %{REQUEST_URI}    !^/certificate-login.*
>        RewriteCond   %{REQUEST_URI}    !^/password-login.*
>        RewriteRule   ^/(.*)  http://%{HTTP_HOST}/$1 [L,R]
>
...

>        JkMount / ajp13
>        JkMount /* ajp13
>
> </VirtualHost>
>
> <VirtualHost 18.51.3.32:80>

...

>         RewriteEngine on
>
>         RewriteCond   %{REQUEST_URI}    ^/dspace-xmlui.* [OR]
>         RewriteCond   %{REQUEST_URI}    ^/dspace-lni.* [OR]
>         RewriteCond   %{REQUEST_URI}    ^/certificate-login.* [OR]
>         RewriteCond   %{REQUEST_URI}    ^/password-login.*
>         RewriteRule   ^/(.*)  https://%{HTTP_HOST}/$1 [L,R]
>
>         SSLEngine off
>
>         JkOptions +ForwardURIEscaped
>
>         JkMount / ajp13
>         JkMount /* ajp13
>
> </VirtualHost>


This allows us to control which portions of the site are under https  
and which are under http, paths that need to be redirected from http  
to https are in the :80 VirtualHost, paths that should never be  
redirected out of https are identified in the :443 Virtualhost, for  
instance, we always want to have LNI be under https, so we setup  
"RewriteCond   %{REQUEST_URI}    !^/dspace-lni.*" to keep it in  
https, and "RewriteCond   %{REQUEST_URI}    ^/dspace-lni.* [OR]" to  
assure that any request over http gets redirected.

Cheers,
Mark

On Mar 13, 2008, at 2:07 AM, Jayan Chirayath Kurian wrote:

> Thanks Mathias.
>
>
>
> http://sunsite.utk.edu/diglib/dspace/#handle
>
>
>
> This may be of help for handle installation.
>
> From: Mathias Hjelt [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 13, 2008 5:00 PM
> To: Jayan Chirayath Kurian; dspace-tech@lists.sourceforge.net
> Subject: RE: [Dspace-tech] Forcing HTTP for everything except login
>
>
>
> Jayan,
>
>
>
> I can’t see how HTTPS would affect OAI-PMH as long as your Tomcat  
> is configured with both HTTP and HTTPS connectors. You’ll get  
> problems only if you disable the plain HTTP connector altogether  
> (OAI-PMH needs to run over plain HTTP as far as I know)
>
>
>
> -mathias
>
>
>
>
>
> From: Jayan Chirayath Kurian [mailto:[EMAIL PROTECTED]
> Sent: 11. maaliskuuta 2008 12:49
> To: Mathias Hjelt; dspace-tech@lists.sourceforge.net
> Subject: RE: [Dspace-tech] Forcing HTTP for everything except login
>
>
>
> Hello,
>
> I too had experienced the same redirection issue. Have not started  
> using HTTPS since I am not sure whether this will have an impact on  
> using OAI-PMH. Please comment.
>
>
>
> From: [EMAIL PROTECTED] on behalf of  
> Mathias Hjelt
> Sent: Tue 3/11/2008 6:43 PM
> To: dspace-tech@lists.sourceforge.net
> Subject: [Dspace-tech] Forcing HTTP for everything except login
>
> Hello
>
> Using DSpace 1.4.2 and Tomcat5, I enabled HTTPS for the password- 
> related
> pages/servlets by following the instructions at
> http://wiki.dspace.org/index.php/ServletSecurity. This works fairly
> well, i.e. the user is automatically redirected to HTTPS while logging
> in, and after successful authentication he somehow gets redirected  
> back
> to plain HTTP.
>
> However, in some situations the user gets "stuck" on the https site
> (which causes an unnecessary burden on the server). E.g. if an
> authenticated user clicks on Edit Profile (/profile) servlet, he's
> redirected to HTTPS and never gets back to HTTP.
>
> Does anyone have a neat and easy solution to this? Or an  
> explanation of
> how the redirecting-back-to-http-after-logging-in is implemented?
>
> (I know that this issue could be avoided by doing the entire SSL thing
> in Apache running a mod_jk connector as a front-end for Tomcat, but  
> I'd
> like to keep the setup nice and clean -- which means leaving Apache  
> out
> of the game.)
>
> Best regards
>
> Mathias Hjelt
>
>
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ 
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Reply via email to