Re: [Resin-interest] ssl port

2007-06-01 Thread Sam 
Resin 3.1.1 includes some features in rewrite-dispatch that may be able
to help:
http://www.caucho.com/resin-3.1/doc/rewrite-tags.xtp#set

Basically, there is facility to set the isSecure method of the request
to return true if there is some condition of the request (such as a
header set by the load balancer) that can be used to determine that the
request should be secure.

http://caucho.com/ns/resin";>

  

  

  



If the load balancer is configured to proxy regular requests to port
8080 and SSL requests to port 8443 then something like the following
should work:

http://caucho.com/ns/resin";>

  

  

  



-- Sam



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Knut Forkalsrud 
Michael Fortin wrote:
> What  do you mean by 'request adapter'?
>   
I mean the Wrapper or Decorator pattern, more specifically
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletRequestWrapper.html

Subclass this one and override isSecure().  Then use a filter to inject 
the wrapped request
making that what the rest of your webapp sees.

-Knut


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Michael Fortin 
We do have a header attribute that tells us if it's secure or not which 
I could use in a filter.  That would be an acceptable solution.   I've 
tried modifying the request in a filter before I tried setting up the 
8443 port but isSecure is immutable.  What  do you mean by 'request 
adapter'?

Michael

Knut Forkalsrud wrote:
> Michael Fortin wrote:
>   
>> How do I configure resin to know the request on 8443 is secure?
>>   
>> 
>
> If your advanced load balancer can inject an HTTP header in the SSL
> requests
> you can use a servlet filter to add a request adapter that overrides the
> isSecure method.
>
> -Knut
>
>
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>   


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Knut Forkalsrud 
Michael Fortin wrote:
> How do I configure resin to know the request on 8443 is secure?
>   

If your advanced load balancer can inject an HTTP header in the SSL
requests
you can use a servlet filter to add a request adapter that overrides the
isSecure method.

-Knut




___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Michael Fortin 
Hi Bill,

I've just tested my theory and it didn't work as I had hoped, the 
request is not flaged as secure.  In my resin.conf :




 
   

and I setup a simple jsp that outputs:

Secure? <%= request.isSecure() %>


when I call either of the following urls secure is false.

http://172.30.1.219:8080/test.jsp
http://172.30.1.219:8443/test.jsp


How do I configure resin to know the request on 8443 is secure?


Thanks,
Michael

Bill Au wrote:
> There is a  under 
>
> http://www.caucho.com/resin-3.0/config/resin.xtp#host
>
> You may have to use that to set the port number for SSL.
>
> Bill
>
> On 6/1/07, *Michael Fortin* <[EMAIL PROTECTED] 
> > wrote:
>
> Hi Bill,
>
> Thanks for the response.  Honestly, I haven't tested it just yet.  I
> didn't see a 'secure' attribute on the  config element so
> I just
> wanted to confirm that 8443 will implicitly be secure even though I'm
> not setting an encryption handler.  I didn't see anything here
> (http://caucho.com/resin-3.0/security/ssl.xtp#notneeded)  about it.
> I'll be back if it doesn't work.
>
> Thanks again,
> Michael
>
>
> Bill Au wrote:
> > With the SSL port set up in Resin, relative redirect on a https
> > request should go to the SSL port.  Is that not the case?
> >
> > Bill
> >
> > On 6/1/07, *Michael Fortin * <[EMAIL PROTECTED]
> 
> > >>
> wrote:
> >
> > Hello,
> >
> > We have our servers setup behind a load balancer and the
> load balancer
> > does all the encryption for ssl.  All traffic inside our
> network is on
> > port 8080.  If I do a relative redirect on a request from a
> secure
> > url
> > it returns an insecure url.  To try and fix this I setup
> another http
> > port in the resin conf for 8443 and set the load balancer to
> send
> > secure
> > traffic to that port.  Tomcat has a isSecure flag on it's
> > connector to
> > tell the request it's a secure request even though it's already
> > decrypted.  Does resin have something like that?  Will resin
> know to
> > make a secure link on that port?
> >
> > Resin version 3.0.18
> > JDK 1.5.0_10
> > Linux
> >
> > Thanks
> > Michael
> >
> >
> > ___
> > resin-interest mailing list
> > resin-interest@caucho.com 
> >
> > http://maillist.caucho.com/mailman/listinfo/resin-interest
> >
> >
> >
> 
> >
> > ___
> > resin-interest mailing list
> > resin-interest@caucho.com 
> > http://maillist.caucho.com/mailman/listinfo/resin-interest
> 
> >
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com 
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
> 
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>   


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Bill Au 

There is a  under 

http://www.caucho.com/resin-3.0/config/resin.xtp#host

You may have to use that to set the port number for SSL.

Bill

On 6/1/07, Michael Fortin <[EMAIL PROTECTED]> wrote:


Hi Bill,

Thanks for the response.  Honestly, I haven't tested it just yet.  I
didn't see a 'secure' attribute on the  config element so I just
wanted to confirm that 8443 will implicitly be secure even though I'm
not setting an encryption handler.  I didn't see anything here
(http://caucho.com/resin-3.0/security/ssl.xtp#notneeded)  about it.
I'll be back if it doesn't work.

Thanks again,
Michael


Bill Au wrote:
> With the SSL port set up in Resin, relative redirect on a https
> request should go to the SSL port.  Is that not the case?
>
> Bill
>
> On 6/1/07, *Michael Fortin * <[EMAIL PROTECTED]
> > wrote:
>
> Hello,
>
> We have our servers setup behind a load balancer and the load
balancer
> does all the encryption for ssl.  All traffic inside our network is
on
> port 8080.  If I do a relative redirect on a request from a secure
> url
> it returns an insecure url.  To try and fix this I setup another
http
> port in the resin conf for 8443 and set the load balancer to send
> secure
> traffic to that port.  Tomcat has a isSecure flag on it's
> connector to
> tell the request it's a secure request even though it's already
> decrypted.  Does resin have something like that?  Will resin know to
> make a secure link on that port?
>
> Resin version 3.0.18
> JDK 1.5.0_10
> Linux
>
> Thanks
> Michael
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com 
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
> 
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Michael Fortin 
Hi Bill,

Thanks for the response.  Honestly, I haven't tested it just yet.  I 
didn't see a 'secure' attribute on the  config element so I just 
wanted to confirm that 8443 will implicitly be secure even though I'm 
not setting an encryption handler.  I didn't see anything here 
(http://caucho.com/resin-3.0/security/ssl.xtp#notneeded)  about it.  
I'll be back if it doesn't work.

Thanks again,
Michael


Bill Au wrote:
> With the SSL port set up in Resin, relative redirect on a https 
> request should go to the SSL port.  Is that not the case?
>
> Bill
>
> On 6/1/07, *Michael Fortin * <[EMAIL PROTECTED] 
> > wrote:
>
> Hello,
>
> We have our servers setup behind a load balancer and the load balancer
> does all the encryption for ssl.  All traffic inside our network is on
> port 8080.  If I do a relative redirect on a request from a secure
> url
> it returns an insecure url.  To try and fix this I setup another http
> port in the resin conf for 8443 and set the load balancer to send
> secure
> traffic to that port.  Tomcat has a isSecure flag on it's
> connector to
> tell the request it's a secure request even though it's already
> decrypted.  Does resin have something like that?  Will resin know to
> make a secure link on that port?
>
> Resin version 3.0.18
> JDK 1.5.0_10
> Linux
>
> Thanks
> Michael
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com 
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
> 
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>   


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] ssl port

2007-06-01 Thread Bill Au 

With the SSL port set up in Resin, relative redirect on a https request
should go to the SSL port.  Is that not the case?

Bill

On 6/1/07, Michael Fortin <[EMAIL PROTECTED]> wrote:


Hello,

We have our servers setup behind a load balancer and the load balancer
does all the encryption for ssl.  All traffic inside our network is on
port 8080.  If I do a relative redirect on a request from a secure url
it returns an insecure url.  To try and fix this I setup another http
port in the resin conf for 8443 and set the load balancer to send secure
traffic to that port.  Tomcat has a isSecure flag on it's connector to
tell the request it's a secure request even though it's already
decrypted.  Does resin have something like that?  Will resin know to
make a secure link on that port?

Resin version 3.0.18
JDK 1.5.0_10
Linux

Thanks
Michael


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

[Resin-interest] ssl port

2007-06-01 Thread Michael Fortin 
Hello,

We have our servers setup behind a load balancer and the load balancer 
does all the encryption for ssl.  All traffic inside our network is on 
port 8080.  If I do a relative redirect on a request from a secure url 
it returns an insecure url.  To try and fix this I setup another http 
port in the resin conf for 8443 and set the load balancer to send secure 
traffic to that port.  Tomcat has a isSecure flag on it's connector to 
tell the request it's a secure request even though it's already 
decrypted.  Does resin have something like that?  Will resin know to 
make a secure link on that port?

Resin version 3.0.18
JDK 1.5.0_10
Linux

Thanks
Michael


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest