I've not tried doing this, but after looking around, I would attempt the 
following as a non-invasive way of making this work.

http://www.coderanch.com/t/413965/Servlets/java/Force-URL-redirect-from-http

Create a security constraint in your web.xml, that will force certain URLs to 
use a secure transport.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL Pages</web-resource-name>
    <!-- Exact match: in a servlet url-pattern "*" is only a wildcard
         as a trailing "/*" or a leading "*." -->
    <url-pattern>/ldap-login</url-pattern>
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <!-- CONFIDENTIAL makes the container require an encrypted transport -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

If this doesn't work, the next best option would be to write a servlet filter 
that checks for secure transport, and redirects if it isn't - then map it to 
the login pages in the web.xml.

Graham Triggs
Technical Architect
Open Repository
http://www.openrepository.com/
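
The servlet filter fallback described above, sketched as an added example (not part of the original message and not DSpace code). The class name RequireHttpsFilter and the init-params httpsHost and httpsPort are hypothetical; it assumes the Servlet 2.5 API that ships with Tomcat 6.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/*
 * Hypothetical filter: map it in web.xml with <filter> / <filter-mapping>
 * to /ldap-login and set init-params httpsHost (required) and
 * httpsPort (optional, default 8443).
 */
public class RequireHttpsFilter implements Filter {
    private String httpsHost;
    private int httpsPort = 8443;

    public void init(FilterConfig cfg) throws ServletException {
        // Fixed host from configuration: never build the redirect target
        // from the client-supplied Host header.
        httpsHost = cfg.getInitParameter("httpsHost");
        if (httpsHost == null || httpsHost.trim().length() == 0) {
            throw new ServletException("httpsHost init-param is required");
        }
        String port = cfg.getInitParameter("httpsPort");
        if (port != null) {
            httpsPort = Integer.parseInt(port.trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.isSecure()) {
            chain.doFilter(req, res);   // already on HTTPS, continue
            return;
        }
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // A form posted over HTTP has already exposed the password;
            // reject it instead of redirecting.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        String query = request.getQueryString();
        String port = (httpsPort == 443) ? "" : ":" + httpsPort;
        response.sendRedirect("https://" + httpsHost + port
                + request.getRequestURI() + (query == null ? "" : "?" + query));
    }

    public void destroy() { }
}
```

The redirect only protects the login if the form itself is served over HTTPS, so the filter mapping has to cover the page that renders the form as well as the URL it posts to.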




-----Original Message-----
From: Wynne, David [mailto:d.wy...@ljmu.ac.uk]
Sent: Fri 16-Oct-09 14:52
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] DSpace & secure passwords
 
Apologies for posting again so quickly.
 
I've now got DSpace working with LDAP (Active Directory)
 
But the login page just uses HTTP, which I am concerned about as my main
Uni password  will be passed unencrypted.
 
1. I enabled HTTPS in the Tomcat server.xml file.
 
2. I generated a certificate using keytool
 
3. I now have HTTPS enabled in Tomcat 6 on Port 8443
 
My question is how to force the login page to use:
 
https://dspace.cms.livjm.ac.uk:8443/jspui/ldap-login
 
Not bothered about the whole of DSpace using HTTPS just the login.
 
Tried:
 
xmlui.force.ssl = true
 
In dspace.cfg, but that doesn't do it.
 

Also since setting LDAP to work I can't get the local administrator
username / password that I set up when I initially set up DSpace (
d.s.will...@ljmu.ac.uk ).
 
2009-10-16 14:43:20,855 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=E841C1A380011133295B5204F4A74449:ip_addr=150.204.48.5:auth:attempting trivial auth of user=d.s.will...@ljmu.ac.uk
2009-10-16 14:43:20,936 INFO  org.dspace.authenticate.LDAPHierarchicalAuthentication @ anonymous:session_id=E841C1A380011133295B5204F4A74449:ip_addr=150.204.48.5:failed_login:no DN found for user d.s.will...@ljmu.ac.uk
2009-10-16 14:43:20,936 INFO  org.dspace.app.webui.servlet.LDAPServlet @ anonymous:session_id=E841C1A380011133295B5204F4A74449:ip_addr=150.204.48.5:failed_login:netid=d.s.will...@ljmu.ac.uk, result=2
 
I read about the Stackable Authentication in dspace.cfg & I've got both:
 
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.PasswordAuthentication
 
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
        org.dspace.authenticate.LDAPHierarchicalAuthentication
 

But it doesn't seem to use the first one which I believe is for "local"
accounts.
 
Thanks
 

Dave Wynne
Senior Technical Officer
School of Computing and Maths
Liverpool John Moores University
Byrom Street
Liverpool L2 2AF
E-Mail: d.wy...@ljmu.ac.uk
Tel:0151-231-2108 

 
 
