Alain, Thanks a million, it worked like a charm. I will repost your answer to the Forum (threaded discussion group) at http://www.jboss.org .
Thanks, Tom. PS How did you ever decide to look at jboss.properties? ----- Original Message ----- From: "Coetmeur, Alain" <[EMAIL PROTECTED]> To: "'Gerry Duhig'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: "'Thomas Clouser'" <[EMAIL PROTECTED]> Sent: Friday, January 25, 2002 1:00 PM Subject: RE: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection > For your information, > afeter many patches , > I get it to work... > > the problem was quite stupid, but hard to guess > without the debug mode of catalina: > > you have to configure the support of HTTPS URL... > ie add to jboss.properties the line: > #JSSE https URL support > java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol > > this should be stored in a FAQ or in a cookbook > > then the redirectport of catalina works... > > that's magic.... > > > > I've made many patches, to support redirectPort parameter, > to add a "none" type of connector so you can > create all from the config attribute, > to support xerces and any XML parser... > > but for your needs you have nothing to change, since > you can configure a secure HTTP connector as the default > connector, and add an HTTP connector that have > a redirectport to the secure port... > > > now I use this test config that > define 2 http/https pair of connector, but one pait is enough for you > > <!-- Embedded Tomcat 4.x - JBossSX SecurityDomain (JaasSecurityDomain) --> > <mbean code="org.jboss.security.plugins.JaasSecurityDomain" > name="Security:name=JaasSecurityDomain,domain=tomcat"> > <constructor> > <arg type="java.lang.String" value="tomcat" /> > </constructor> > <attribute name="KeyStoreURL">../conf/tomcat.jks</attribute> > <attribute name="KeyStorePass">changeit</attribute> > </mbean> > > > <!-- Uncomment to add embedded catalina service --> > <mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX" > name="DefaultDomain:service=EmbeddedTomcat" > > <attribute name="ConnectorType">http</attribute> > > <!-- an HTTP connector associated with an HTTPS configured in the config > attribute --> > <!--attribute name="Port">80</attribute> > <attribute name="RedirectPort">443</attribute --> > > <!-- an HTTPS connector associated with an HTTP configured in the config > attribute, > redirectPort should be set there --> > <attribute name="Port">443</attribute> > <attribute name="SecurityDomain">java:/jaas/tomcat</attribute> > > <attribute name="Config"> > <Connector > className="org.apache.catalina.connector.http.HttpConnector" > port="80" minProcessors="5" maxProcessors="75" > enableLookups="true" redirectPort="443" > acceptCount="10" debug="1" connectionTimeout="60000"/> > </attribute> > <attribute name="Config"> > <Server > > <Service > > <!-- an HTTPS connector associated with an HTTP which should set > redirectPort there --> > <!-- Connector > className="org.apache.catalina.connector.http.HttpConnector" > port="443" minProcessors="5" maxProcessor="75" acceptCount="10" > enableLookups="true" scheme="https" secure="true" > > <Factory > className="org.jboss.web.catalina.security.SSLServerSocketFactory" > securityDomainName="java:/jaas/tomcat" clientAuth="false" > protocol="TLS" /> > </Connector --> > <!-- an HTTP connector redirecting to an HTTPS which can be > configures as the def connector --> > <Connector > className="org.apache.catalina.connector.http.HttpConnector" > port="80" minProcessors="5" maxProcessor="75" acceptCount="10" > enableLookups="true" redirectPort="443" scheme="http" > secure="false" /> > <!-- a pair of HTTP/HTTPS connectors should be used with the "none" > ConnectorType --> > <Connector > className="org.apache.catalina.connector.http.HttpConnector" > port="8080" minProcessors="5" maxProcessors="75" > enableLookups="true" redirectPort="8443" > acceptCount="10" debug="0" connectionTimeout="60000"/> > <Connector > className="org.apache.catalina.connector.http.HttpConnector" > port="8443" minProcessors="5" maxProcessor="75" acceptCount="10" > enableLookups="true" scheme="https" secure="true" > > <Factory > className="org.jboss.web.catalina.security.SSLServerSocketFactory" > securityDomainName="java:/jaas/tomcat" clientAuth="false" > protocol="TLS" /> > </Connector> > </Service> > </Server> > </attribute> > </mbean> > > > > > -----Message d'origine----- > > De: Gerry Duhig [mailto:[EMAIL PROTECTED]] > > Date: lundi 21 janvier 2002 10:54 > > À: Thomas Clouser; [EMAIL PROTECTED] > > Objet: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection > > > > > > Have we got any further with this? I have the same problem. I > > MUST have the > > redirect working when I use a transport guarantee otherwise > > my whole site > > architecture goes out the window! > > > > Gerry > > > > ----- Original Message ----- > > From: "Thomas Clouser" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, January 16, 2002 3:41 PM > > Subject: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port > > redirection > > > > > > > Alain, > > > > > > Yes, I do have the docs, as mentioned in the original > > post. (Note the > > > document has significant error - it should be <attribute > > name="Config"> > > > </attribute>, not <config></config>. This was solved over > > the past weeks > > > on the jboss forum [which is currently down :-( ].) > > > > > > Yes, I have tried a bit of trickery with the "Config" > > attribute of the > > > EmbeddedCatalinaServiceSX. > > > > > > I have SSL and Non-SSL working fine. > > > > > > What I do not have (which Tomcat supports in Standalone) is > > automatic > > > redirection to the SSL port when a url pattern with a > > transport guarantee > > of > > > CONFIDENTIAL or INTEGRAL is requested over http. Again, > > this is handled > > by > > > the redirectPort attribute of the connector under Tomcat. > > But according > > to > > > the docs, this is not an available attribute for the > > > EmbeddedCatalinaServiceSX. > > > > > > What I need to know (from whomever wrote the > > EmbeddedCatalinaServiceSX), > > > does it actually support the concept of the redirectPort (see Tomcat > > config > > > docs)? Or in wrapping tomcat, was this feature lost? > > > > > > Yes, I know I could look at the code, but at that point the cost of > > > configuring the server becomes too high. > > > > > > Thanks for your suggestions, > > > > > > TC > > > > > > > > > ----- Original Message ----- > > > From: "Coetmeur, Alain" <[EMAIL PROTECTED]> > > > Sent: Wednesday, January 16, 2002 10:04 AM > > > Subject: RE: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port > > redirection > > > > > > > > > In fact this is documentend in the > > > (cheap 10$) commercial dcumentation of jboss2.4.4 > > > > > > http://www.flashline.com/Components/View.jsp?prodid=4375 > > > > > > if you can, buy it, it is worth it... > > > > > > there a 3 way to support SSL, one set the catalina engine > > > to serve only SSL and uses JAAS Mbean, > > > a second is similar to the one documented in catalina documentation, > > > and the third uses a jboss SSL socket factory and uses the > > JAAS MBEAN > > > which is documented in this book... > > > > > > <server> > > > ... > > > <!-- The SSL domain setup --> > > > <mbean code="org.jboss.security.plugins.JaasSecurityDomain" > > > name="Security:name=JaasSecurityDomain,domain=RMI+SSL"> > > > <constructor> > > > <arg type="java.lang.String" value="RMI+SSL"/> > > > </constructor> > > > <attribute name="KeyStoreURL">chap8.keystore</attribute> > > > <attribute name="KeyStorePass">rmi+ssl</attribute> > > > </mbean> > > > ... > > > <!-- The embedded Tomcat-4.x setup with non-SSL and SSL HTTP > > > connectors enabled --> > > > <mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX" > > > 10 INTEGRATING SERVLET CONTAINERS > > > namain:service=EmbeddedTomcat"> > > > <config> > > > <Connector > > > className="org.apache.catalina.connector.http.HttpConnector" > > > port="8443" minProcessors="5" maxProcessors="75" > > > enableLookups="true" > > > acceptCount="10" scheme="https" secure="true"> > > > <Factory > > > className="org.jboss.web.catalina.security.SSLServerSocketFactory" > > > securityDomainName="java:/jaas/RMI+SSL"/> > > > </Connector> > > > </config> > > > </mbean> > > > </server> > > > > > > to be honnest, It is not evident to understand what this > > does without > > > the doc... > > > > > > I'm really happy with this doc, event If I paid from > > > my pocket because my online transaction cannot be > > > accepted by my accounters in my company. > > > Anyway this is only because we don't have opened a corporate > > > account on flashline > > > http://www.flashline.com/aboutus/caccount.jsp > > > (stupid was I 8> ) > > > > > > > > > > > > -----Message d'origine----- > > > De: Thomas Clouser [mailto:[EMAIL PROTECTED]] > > > Date: mercredi 16 janvier 2002 05:21 > > > : [EMAIL PROTECTED] > > > Objet: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection > > > > > > > > > From what I can see (docs, mailing list archive), the > > > EmbeddedCatalinaServiceSX MBean does not provide the > > necessary attribute > > > (and perhaps support code) to support port redirection. > > > > > > This functionality is supported by the redirectPort attribute of the > > > connector setup for http in Tomcat 4.x (standalone). The > > value given for > > > this attribute would be the port number for https. > > > > > > This would allow for the automatic redirection of request > > whose content > > (url > > > pattern) had a transport guarantee of CONFIDENTIAL or INTEGRAL. > > > > > > Does anyone have a workaround for this? > > > > > > TIA, > > > > > > TC > > > > > > > > > > > > _______________________________________________ > > > JBoss-user mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > > > _______________________________________________ > > JBoss-user mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/jboss-user > > > _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
