Ahh, I see. The thing is our portal displays very sensitive data and it all needs to be protected by SSL so that the sensitive data can't be picked up during transit. I still might be able to use your mechanism to just do a redirect to the correct page though. I'm wondering however if I'll hit the same problem since Tomcat is supposed to be just doing a redirect itself. My problem stems from the fact that it appears Turbine returns the port the request came in on and not the port the request was serviced on when calling getServerPort().
Thanks again, Chris -----Original Message----- From: Hema Menon [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 18, 2005 10:04 AM To: chris holt Subject: Re: Problem with Redirect when using SSL with Tomcat Chris, We did it like that because we do not always require SSL, we give the administrator an option to select what type of security they need from among HTTP, HTTPS, or HTTPS for login only. So we did not want to have SSL applied to the entire web application. Hema On Tue, 18 Jan 2005 09:58:44 -0500, chris holt <[EMAIL PROTECTED]> wrote: > Thanks for the reply. > Did you do it that way because you ran into the same problem I did? > The default Tomcat way of making a web application secure should work > though, don't you agree? > > Chris > > -----Original Message----- > From: Hema Menon [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 18, 2005 9:26 AM > To: Jetspeed Users List > Subject: Re: Problem with Redirect when using SSL with Tomcat > > Chris, > > I've tried it in a different way. In the Login page, I use javascript > to detect if the request comes with a scheme of HTTP or HTTPS and > based on that would redirect the request to use HTTPS. We use Tomcat > 5.0.28 and JS 1.5 SSL Connector is enabled in the Tomcat > configuration. > > Hema > > On Tue, 18 Jan 2005 09:08:47 -0500, chris holt <[EMAIL PROTECTED]> > wrote: > > I sent the following email with no response so I would like to ask > > my question in a different way to see if anybody has done what I'm > > trying > > > to do. > > > > Has anybody successfully setup Tomcat 5.0.28 with Jetspeed 1.5 and > > forced their users to use a secure connection to their portal? > > > > Thanks, > > > > Chris > > > > -----Original Message----- > > From: chris holt [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, January 11, 2005 10:57 AM > > To: Jetspeed Users List > > Subject: RE: Problem with Redirect when using SSL with Tomcat > > > > I have been researching this more by debugging and it appears that > > the > > > HttpServletRequest class that the TurbineRunDataService class uses > > to populate the ServerData class is returning the wrong port. This > > is feeling like a problem with Tomcat. Has anybody else hit a > > problem similar to this one. > > > > Thanks, > > > > Chris > > > > -----Original Message----- > > From: chris holt [mailto:[EMAIL PROTECTED] > > Sent: Monday, January 10, 2005 6:01 PM > > To: Jetspeed Users List > > Subject: Problem with Redirect when using SSL with Tomcat > > > > I am using Tomcat 5.0.28 with Jetspeed 1.5 and I am having a problem > > using SSL. I have set the following in the web.xml file of jetspeed > > to > > > force use of SSL when talking to portal. > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Entire Application</web-resource-name> > > <url-pattern>/*</url-pattern> > > </web-resource-collection> > > <user-data-constraint> > > <description>Constrain the entire application to force use of > > HTTPS</description> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > When the user goes to http://localhost:8080/jetspeed Tomcat > > correctly redirects the browser to https://localhost:8443/jetspeed. > > However, the > > > anonymous user login page takes forever to come up, and when it does > > come up the skin isn't working. There is no borders, tab controls, > > or > > > anything. I believe the problem has to do with the base tag being > > <base href="https://mroadster:8080/jetspeed/";>. I can see why this > > would make things slow because of all the redirects but I don't > > understand why the stylesheet isn't working correctly. > > > > However, if the user goes to https://localhost:8443/jetspeed/ > > everything works fine. Is there a why to get the $clink.External > > command to store the redirected URL instead. > > > > Thanks, > > > > Chris > > > > -------------------------------------------------------------------- > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > -------------------------------------------------------------------- > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > -- > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Hema Menon > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hema Menon --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
