Hello Mark, To enable this on a Windows machine are there any related documentation available. Thanks, Jayan
-----Original Message----- From: Mark Diggory [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2008 2:19 AM To: Jayan Chirayath Kurian Cc: Mathias Hjelt; dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Forcing HTTP for everything except login Its hard to leave out Apache out of the solution for what your attempting. Our solution in Apache on dspace.mit.edu looks like... dspace.mit.edu.conf... > ## SSL Virtual Host Context > <VirtualHost 18.51.3.32:443> > ... > RewriteEngine on > > RewriteCond %{REQUEST_URI} !^/dspace-xmlui.* > RewriteCond %{REQUEST_URI} !^/dspace-lni.* > RewriteCond %{REQUEST_URI} !^/dspace-srw.* > RewriteCond %{REQUEST_URI} !^/certificate-login.* > RewriteCond %{REQUEST_URI} !^/password-login.* > RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R] > ... > JkMount / ajp13 > JkMount /* ajp13 > > </VirtualHost> > > <VirtualHost 18.51.3.32:80> ... > RewriteEngine on > > RewriteCond %{REQUEST_URI} ^/dspace-xmlui.* [OR] > RewriteCond %{REQUEST_URI} ^/dspace-lni.* [OR] > RewriteCond %{REQUEST_URI} ^/certificate-login.* [OR] > RewriteCond %{REQUEST_URI} ^/password-login.* > RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R] > > SSLEngine off > > JkOptions +ForwardURIEscaped > > JkMount / ajp13 > JkMount /* ajp13 > > </VirtualHost> This allows us to control which portions of the site are under https and which are under http, paths that need to be redirected from http to https are in the :80 VirtualHost, paths that should never be redirected out of https are identified in the :443 Virtualhost, for instance, we always want to have LNI be under https, so we setup "RewriteCond %{REQUEST_URI} !^/dspace-lni.*" to keep it in https, and "RewriteCond %{REQUEST_URI} ^/dspace-lni.* [OR]" to assure that any request over http gets redirected. Cheers, Mark On Mar 13, 2008, at 2:07 AM, Jayan Chirayath Kurian wrote: > Thanks Mathias. > > > > http://sunsite.utk.edu/diglib/dspace/#handle > > > > This may be of help for handle installation. > > From: Mathias Hjelt [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2008 5:00 PM > To: Jayan Chirayath Kurian; dspace-tech@lists.sourceforge.net > Subject: RE: [Dspace-tech] Forcing HTTP for everything except login > > > > Jayan, > > > > I can't see how HTTPS would affect OAI-PMH as long as your Tomcat > is configured with both HTTP and HTTPS connectors. You'll get > problems only if you disable the plain HTTP connector altogether > (OAI-PMH needs to run over plain HTTP as far as I know) > > > > -mathias > > > > > > From: Jayan Chirayath Kurian [mailto:[EMAIL PROTECTED] > Sent: 11. maaliskuuta 2008 12:49 > To: Mathias Hjelt; dspace-tech@lists.sourceforge.net > Subject: RE: [Dspace-tech] Forcing HTTP for everything except login > > > > Hello, > > I too had experienced the same redirection issue. Have not started > using HTTPS since I am not sure whether this will have an impact on > using OAI-PMH. Please comment. > > > > From: [EMAIL PROTECTED] on behalf of > Mathias Hjelt > Sent: Tue 3/11/2008 6:43 PM > To: dspace-tech@lists.sourceforge.net > Subject: [Dspace-tech] Forcing HTTP for everything except login > > Hello > > Using DSpace 1.4.2 and Tomcat5, I enabled HTTPS for the password- > related > pages/servlets by following the instructions at > http://wiki.dspace.org/index.php/ServletSecurity. This works fairly > well, i.e. the user is automatically redirected to HTTPS while logging > in, and after successful authentication he somehow gets redirected > back > to plain HTTP. > > However, in some situations the user gets "stuck" on the https site > (which causes an unnecessary burden on the server). E.g. if an > authenticated user clicks on Edit Profile (/profile) servlet, he's > redirected to HTTPS and never gets back to HTTP. > > Does anyone have a neat and easy solution to this? Or an > explanation of > how the redirecting-back-to-http-after-logging-in is implemented? > > (I know that this issue could be avoided by doing the entire SSL thing > in Apache running a mod_jk connector as a front-end for Tomcat, but > I'd > like to keep the setup nice and clean -- which means leaving Apache > out > of the game.) > > Best regards > > Mathias Hjelt > > > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
