still fighting HTTP HTTPS problem
hello everyone... i still couldn´t find a solution on how to switch from let´s say http://localhost:myport/myapp/something.jsp to https://localhost:mysecureport/myapp/somethingelsethatneedstobesecure_oreven thesamepage.jsp while retaining resp. cloning the content of my sessioncontext... i am using the urlrewriting-method to manage my sessions as far as my experience tells me i get two different sessionIDs for http://localhost:myport/myapp/something.jsp and the corresponding https://localhost:mysecureport/myapp/something.jsp how can i copy the sessioncontext to the secure side and vice versa? michy
RE: still fighting HTTP HTTPS problem
well i am using a tomcat-standalone version... i know, that some webservers like apache would do that task for me... well jonathan... thanks... i´ll try it and get back to You if i have further questions... alright?! michy -Original Message- From: Rainer Alföldi [mailto:[EMAIL PROTECTED]] Sent: Freitag, 11. Mai 2001 17:28 To: [EMAIL PROTECTED]; Jonathan Asbell Subject: AW: still fighting HTTP HTTPS problem Hi Michael, hi Jonathan, does it have to be that complicated? We just put an apache in front of tomcat. period. tomcat doesn´t know what ports the requests are coming from. all ssl stuff is handled by apache. no problems. switching between https and http is totally transparent for tomcat = struts = for our application. Greetings Rainer -Ursprüngliche Nachricht- Von: Jonathan Asbell [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 11. Mai 2001 13:36 An: [EMAIL PROTECTED] Betreff: Re: still fighting HTTP HTTPS problem Mike. Dude. That IS the way to do it. 1) check to see if you ACTUALLY GET the 2 sessions (if you can get them, do a session.toString() to see that they are not the same session indeed) 2) you should be sending the serialized data from the unsecure session into the secured session: if you are using an non visual jsp to process it would go something like this a) get the query string and hold it b) get the data you want from the non-secure session, includeing the session id and encode it c) make an name value pair for the session stuff and dont forget to encode the value (unsecure_session_contents=thedatayouareholdingfromthesession) d) add the new name value pair to the query string you are holding e) forward the whole shebang to the secure url you are going to. f) on the secure side get the request and put the request.getParameter(unsecure_session_contents) into the new Secure session. g) do the same for the return trip, but remember when you return you have to try to look up the session with the id you saved. If its gone its because you timed out. - Original Message - From: Michael Wilimsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 11, 2001 6:20 AM Subject: still fighting HTTP HTTPS problem hello everyone... i still couldn´t find a solution on how to switch from let´s say http://localhost:myport/myapp/something.jsp to https://localhost:mysecureport/myapp/somethingelsethatneedstobesecure_oreven thesamepage.jsp while retaining resp. cloning the content of my sessioncontext... i am using the urlrewriting-method to manage my sessions as far as my experience tells me i get two different sessionIDs for http://localhost:myport/myapp/something.jsp and the corresponding https://localhost:mysecureport/myapp/something.jsp how can i copy the sessioncontext to the secure side and vice versa? michy
RE: switch from http to https
thanx... can You give a code example for that approach? michael -Original Message- From: Jonathan [mailto:[EMAIL PROTECTED]] Sent: Freitag, 27. April 2001 17:26 To: [EMAIL PROTECTED] Subject: Re: switch from http to https You have to use url rewriting to send and save the session temporarily on the https side, and when you are done you have to resend the saved session info, again via url rewriting, back to the non-secure side which will still have your session if you didnt take too long on the https side, and then you get the session with the session you passed back. Otherwise you need to have a webserver / appserver combo which has the ability to cluster and share sessions - Original Message - From: Michael Wilimsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 27, 2001 9:22 AM Subject: switch from http to https does anyone out there have an idea of how to perform the switching between http and https? i want to make the login.jsp secure but leave the other jsp-files in the insecure section... i also have problems to perform a download via https... i get strange browser error-messages any help appreciated michy
switch from http to https
does anyone out there have an idea of how to perform the switching between http and https? i want to make the login.jsp secure but leave the other jsp-files in the insecure section... i also have problems to perform a download via https... i get strange browser error-messages any help appreciated michy
http to https redirect
hi! i have the following problem: i am using struts and its template mechanism (template-taglib) in my index.jsp: mytags:initapp/ template:insert template='%= (String) session.getAttribute(layout) %' template:put name=header content='%= (String) session.getAttribute(header) %'/ template:put name=content content='%= (String) session.getAttribute(content) %'/ template:put name=footer content='%= (String) session.getAttribute(footer) %'/ /template:insert as one can see, i put some logic names for logic content in my sessioncontext used by a layout.jsp file all i do in my webapplication is to switch the content-.jsp file depending on user-input... occasionally changing the header or footer... in my index.jsp i added a custom tag: mytags:initapp/ it performs initial Database-Settings and i also tried to put in the security switch dpending on my current content-filename... what i want to do now is to turn security on for certain webcontents, e.g when the content-jsp is set to login.jsp where the security-relevant user/password info is sent over the net... i configured tomcat for SSL on port 7573 the source for my initapp-tag contains: String server = ((HttpServletRequest) pageContext.getRequest()).getServerName(); String contextPath = ((HttpServletRequest) pageContext.getRequest()).getContextPath(); String servletPath = ((HttpServletRequest) pageContext.getRequest()).getServletPath(); boolean issecure = ((HttpServletRequest) pageContext.getRequest()).isSecure(); if (content.equals(login.jsp) !issecure) { String secure = https://+server+:+7573+contextPath+servletPath; HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); try { response.sendRedirect(response.encodeRedirectURL(secure)); return (SKIP_PAGE); } catch (Exception e) { System.err.println(e); } } but the browser can´t handle the switch to https somehow and tells something about cannot open site... a security problem occurred... how can i perform a switch between http://myhost:8080/myapp/index.jsp and https://myhost:7573/myapp/index.jsp? please help thanx michy
SSL and Struts
i tried to establish a SSL-Connection with Tomcat / Struts using openSSL but when using https protocol url-rewriting seems to fail somehow... is there a solution for that... p.s. i am working on a w2k machine with ie5 michael
RE: SSL and Struts
hey... it works... thanx for help... michael -Original Message- From: Dan Miser [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 10. April 2001 16:19 To: [EMAIL PROTECTED] Subject: Re: SSL and Struts Here's the reply I just posted on Bugzilla about this: This isn't a bug of Struts, but a misconfiguration of SSL. In addition to the comments in Tomcat's server.xml, you need to define a system property to tell Java where it should find the classes for SSL support. You can do this either in code (System.setProperty(key, value)) or by passing the property in on the command line (-Dkey=value). This is the property I used with JSSE, and it works fine. java.protocol.handler.pkgs = com.sun.net.ssl.internal.www.protocol If anything, I would argue that the bug here is to report the MalformedURLException in RequestUtils.absoluteURL to a log file. Dan Miser From: "Michael Wilimsky" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SSL and Struts Date: Tue, 10 Apr 2001 17:54:48 +0200 i tried to establish a SSL-Connection with Tomcat / Struts using openSSL but when using https protocol url-rewriting seems to fail somehow... is there a solution for that... p.s. i am working on a w2k machine with ie5 michael _ Get your FREE download of MSN Explorer at http://explorer.msn.com