For your information,
after many patches,
I got it to work...
the problem was quite stupid, but hard to guess
without the debug mode of catalina:
you have to configure the support of HTTPS URL...
ie add to jboss.properties the line:
#JSSE https URL support
java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
this should be stored in a FAQ or in a cookbook
then the redirectport of catalina works...
that's magic....
I've made many patches, to support redirectPort parameter,
to add a "none" type of connector so you can
create all from the config attribute,
to support xerces and any XML parser...
but for your needs you have nothing to change, since
you can configure a secure HTTP connector as the default
connector, and add an HTTP connector that has
a redirectport to the secure port...
now I use this test config that
defines 2 http/https pairs of connectors, but one pair is enough for you
<!-- Embedded Tomcat 4.x - JBossSX SecurityDomain (JaasSecurityDomain) -->
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="Security:name=JaasSecurityDomain,domain=tomcat">
  <constructor>
    <arg type="java.lang.String" value="tomcat" />
  </constructor>
  <attribute name="KeyStoreURL">../conf/tomcat.jks</attribute>
  <attribute name="KeyStorePass">changeit</attribute>
</mbean>
<!-- Uncomment to add embedded catalina service -->
<mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX"
       name="DefaultDomain:service=EmbeddedTomcat" >
  <attribute name="ConnectorType">http</attribute>
  <!-- an HTTP connector associated with an HTTPS configured in the config
       attribute -->
  <!--attribute name="Port">80</attribute>
  <attribute name="RedirectPort">443</attribute -->
  <!-- an HTTPS connector associated with an HTTP configured in the config
       attribute, redirectPort should be set there -->
  <attribute name="Port">443</attribute>
  <attribute name="SecurityDomain">java:/jaas/tomcat</attribute>
  <attribute name="Config">
    <Connector
        className="org.apache.catalina.connector.http.HttpConnector"
        port="80" minProcessors="5" maxProcessors="75"
        enableLookups="true" redirectPort="443"
        acceptCount="10" debug="1" connectionTimeout="60000"/>
  </attribute>
  <attribute name="Config">
    <Server >
      <Service >
        <!-- an HTTPS connector associated with an HTTP which should set
             redirectPort there -->
        <!-- Connector
            className="org.apache.catalina.connector.http.HttpConnector"
            port="443" minProcessors="5" maxProcessors="75" acceptCount="10"
            enableLookups="true" scheme="https" secure="true" >
          <Factory
              className="org.jboss.web.catalina.security.SSLServerSocketFactory"
              securityDomainName="java:/jaas/tomcat" clientAuth="false"
              protocol="TLS" />
        </Connector -->
        <!-- an HTTP connector redirecting to an HTTPS which can be
             configured as the default connector -->
        <Connector
            className="org.apache.catalina.connector.http.HttpConnector"
            port="80" minProcessors="5" maxProcessors="75" acceptCount="10"
            enableLookups="true" redirectPort="443" scheme="http"
            secure="false" />
        <!-- a pair of HTTP/HTTPS connectors should be used with the "none"
             ConnectorType -->
        <Connector
            className="org.apache.catalina.connector.http.HttpConnector"
            port="8080" minProcessors="5" maxProcessors="75"
            enableLookups="true" redirectPort="8443"
            acceptCount="10" debug="0" connectionTimeout="60000"/>
        <Connector
            className="org.apache.catalina.connector.http.HttpConnector"
            port="8443" minProcessors="5" maxProcessors="75" acceptCount="10"
            enableLookups="true" scheme="https" secure="true" >
          <Factory
              className="org.jboss.web.catalina.security.SSLServerSocketFactory"
              securityDomainName="java:/jaas/tomcat" clientAuth="false"
              protocol="TLS" />
        </Connector>
      </Service>
    </Server>
  </attribute>
</mbean>
> -----Original Message-----
> From: Gerry Duhig [mailto:[EMAIL PROTECTED]]
> Date: Monday 21 January 2002 10:54
> To: Thomas Clouser; [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection
>
>
> Have we got any further with this? I have the same problem. I MUST have the
> redirect working when I use a transport guarantee otherwise my whole site
> architecture goes out the window!
>
> Gerry
>
> ----- Original Message -----
> From: "Thomas Clouser" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, January 16, 2002 3:41 PM
> Subject: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection
>
>
> > Alain,
> >
> > Yes, I do have the docs, as mentioned in the original post. (Note the
> > document has significant error - it should be <attribute name="Config">
> > </attribute>, not <config></config>. This was solved over the past weeks
> > on the jboss forum [which is currently down :-( ].)
> >
> > Yes, I have tried a bit of trickery with the "Config" attribute of the
> > EmbeddedCatalinaServiceSX.
> >
> > I have SSL and Non-SSL working fine.
> >
> > What I do not have (which Tomcat supports in Standalone) is automatic
> > redirection to the SSL port when a url pattern with a transport guarantee of
> > CONFIDENTIAL or INTEGRAL is requested over http. Again, this is handled by
> > the redirectPort attribute of the connector under Tomcat. But according to
> > the docs, this is not an available attribute for the
> > EmbeddedCatalinaServiceSX.
> >
> > What I need to know (from whomever wrote the EmbeddedCatalinaServiceSX),
> > does it actually support the concept of the redirectPort (see Tomcat config
> > docs)? Or in wrapping tomcat, was this feature lost?
> >
> > Yes, I know I could look at the code, but at that point the cost of
> > configuring the server becomes too high.
> >
> > Thanks for your suggestions,
> >
> > TC
> >
> >
> > ----- Original Message -----
> > From: "Coetmeur, Alain" <[EMAIL PROTECTED]>
> > Sent: Wednesday, January 16, 2002 10:04 AM
> > Subject: RE: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection
> >
> >
> > In fact this is documented in the
> > (cheap 10$) commercial documentation of jboss2.4.4
> >
> > http://www.flashline.com/Components/View.jsp?prodid=4375
> >
> > if you can, buy it, it is worth it...
> >
> > there are 3 ways to support SSL, one sets the catalina engine
> > to serve only SSL and uses JAAS Mbean,
> > a second is similar to the one documented in catalina documentation,
> > and the third uses a jboss SSL socket factory and uses the JAAS MBEAN
> > which is documented in this book...
> >
> > <server>
> > ...
> >   <!-- The SSL domain setup -->
> >   <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
> >          name="Security:name=JaasSecurityDomain,domain=RMI+SSL">
> >     <constructor>
> >       <arg type="java.lang.String" value="RMI+SSL"/>
> >     </constructor>
> >     <attribute name="KeyStoreURL">chap8.keystore</attribute>
> >     <attribute name="KeyStorePass">rmi+ssl</attribute>
> >   </mbean>
> > ...
> >   <!-- The embedded Tomcat-4.x setup with non-SSL and SSL HTTP
> >        connectors enabled -->
> >   <mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX"
> >          name="DefaultDomain:service=EmbeddedTomcat">
> >     <config>
> >       <Connector
> >           className="org.apache.catalina.connector.http.HttpConnector"
> >           port="8443" minProcessors="5" maxProcessors="75"
> >           enableLookups="true"
> >           acceptCount="10" scheme="https" secure="true">
> >         <Factory
> >             className="org.jboss.web.catalina.security.SSLServerSocketFactory"
> >             securityDomainName="java:/jaas/RMI+SSL"/>
> >       </Connector>
> >     </config>
> >   </mbean>
> > </server>
> >
> > to be honest, it is not evident to understand what this does without
> > the doc...
> >
> > I'm really happy with this doc, even if I paid from
> > my pocket because my online transaction cannot be
> > accepted by my accountants in my company.
> > Anyway this is only because we don't have opened a corporate
> > account on flashline
> > http://www.flashline.com/aboutus/caccount.jsp
> > (stupid was I 8> )
> >
> >
> >
> > -----Original Message-----
> > From: Thomas Clouser [mailto:[EMAIL PROTECTED]]
> > Date: Wednesday 16 January 2002 05:21
> > To: [EMAIL PROTECTED]
> > Subject: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection
> >
> >
> > From what I can see (docs, mailing list archive), the
> > EmbeddedCatalinaServiceSX MBean does not provide the necessary attribute
> > (and perhaps support code) to support port redirection.
> >
> > This functionality is supported by the redirectPort attribute of the
> > connector setup for http in Tomcat 4.x (standalone). The value given for
> > this attribute would be the port number for https.
> >
> > This would allow for the automatic redirection of request whose content (url
> > pattern) had a transport guarantee of CONFIDENTIAL or INTEGRAL.
> >
> > Does anyone have a workaround for this?
> >
> > TIA,
> >
> > TC
> >
> >
> >
> > _______________________________________________
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/jboss-user
>
>
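
An offline check for the connector pairing discussed in this thread, as an added example that is not part of the original messages or of JBoss/Tomcat code: it parses a Catalina Config fragment and reports every plain-HTTP connector whose redirectPort does not lead to an HTTPS connector. The function names, the mbean_tls_ports parameter and the sample fragment (including the port 9080 connector) are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector pairs in the message above;
# the port 9080 connector is an extra entry added for the demonstration.
SAMPLE = """
<Server><Service>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="80" redirectPort="443" scheme="http" secure="false"/>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="8080" redirectPort="8443"/>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="8443" scheme="https" secure="true">
    <Factory className="org.jboss.web.catalina.security.SSLServerSocketFactory"
             securityDomainName="java:/jaas/tomcat" clientAuth="false"
             protocol="TLS"/>
  </Connector>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             port="9080"/>
</Service></Server>
"""

def is_tls(conn):
    """HTTPS connector: secure="true", scheme="https" and a Factory child."""
    return (conn.get("secure") == "true" and conn.get("scheme") == "https"
            and conn.find("Factory") is not None)

def audit_redirects(xml_text, mbean_tls_ports=()):
    """Map each plain-HTTP connector port to the problem with its redirectPort.

    mbean_tls_ports (hypothetical parameter): HTTPS ports created outside the
    fragment, e.g. by the MBean's own Port/SecurityDomain attributes."""
    by_port = {c.get("port"): c for c in ET.fromstring(xml_text).iter("Connector")}
    problems = {}
    for port, conn in by_port.items():
        if is_tls(conn):
            continue
        target = conn.get("redirectPort")
        if target is None:
            problems[port] = "redirectPort not set"
        elif target in mbean_tls_ports:
            continue
        elif target not in by_port:
            problems[port] = f"redirectPort {target} matches no connector"
        elif not is_tls(by_port[target]):
            problems[port] = f"redirectPort {target} is not an HTTPS connector"
    return problems

if __name__ == "__main__":
    for port, problem in audit_redirects(SAMPLE, mbean_tls_ports={"443"}).items():
        print(f"connector {port}: {problem}")
```

Passing mbean_tls_ports={"443"} mirrors the setup in the top message, where the 443 connector comes from the MBean's Port and SecurityDomain attributes rather than from the Config fragment.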