How do I remove HTTPS after login in ? I have read other posts. I still need
this thread as it has to do with JAAS on tomcat. Please read on. For the
hasty, jump to 9 onwards.
My UI stack is as follows :
* JSF 1.2, Facelets, Richfaces 3.2.1
* JAAS
* Tomcat 6
0. Relevant web.xml entries
security-constraint
display-nameUser Login Page/display-name
web-resource-collection
web-resource-nameLogin Resource/web-resource-name
url-pattern/pages/secure/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
role-nameUser/role-name
/auth-constraint
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint
...
...
login-config
auth-methodFORM/auth-method
realm-nameprojx/realm-name
form-login-config
form-login-page/pages/login/login.jsf/form-login-page
form-error-page/pages/login/loginerror.jsf/form-error-page
/form-login-config
/login-config
0.1 Login page :
rich:panel id=loginPanel
f:facet name=headerLogin Panel/f:facet
f:verbatim
form method=post action=j_security_check
tabletr
tdUser Id/td
tdinput type=text
name=j_username //td
/tr
tr
tdPassword/td
tdinput type=password
name=j_password //td
/tr
tr
td align=center
input type=submit
value=Login /
/td
/tr/table
/form
/f:verbatim
/rich:panel
1. SSL Enabled Login page
2. Rest are non SSL-pages
3. JAAS Configured with some page requiring login (therefore fwd to SSL)
4. Homepage has 'Login' hyperlink -- which points to
--/pages/secure/Userhomepage.jsf
Simple Login Usercase
5. User clicks on 'Login' hyperlink
6. Tomcat CMA intercepts and takes user to /pages/login/login.jsf
but URL shows
https://localhost:8443/abc/pages/secure/Userhomepage.jsf
7. User keys in credentials and login is successful
8. Userhomepage.jsf http response is generated and shown on browser BUT URL
is still
https://localhost:8443/abc/pages/secure/Userhomepage.jsf
Problem
-
9. HTTPS should not be show from 8 onwards. How do I remove it ?
Questions
10. I know that HTTPS has to be programattically removed. But between
7 and 8, How do I do it ?
a) Where do I put a URL rewrite filter code ? It won't even be invoked..
b) How can I do it programmatically when the redirection is being
done by Tomcat ?
On a side note (question on JAAS configured on Tomcat )
---
11. Why do I have to declare '/pages/secure/*' with
auth-constraint
role-nameUser/role-name
/auth-constraint
?
12. Why isn't there a way to just forward to login.jsf which forwards to
j_security_check ?
13. Is there a way to make Tomcat container aware of a JAASubject
What I would really like is a Richfaces modal panel for a login ?
Such a simple use case has become really complicated. Instead of
flexibility,
across presentation layers, it's ties you down to a one mechanism.
Very frustrating.
Thank you !
--
View this message in context:
http://www.nabble.com/How-do-I-remove-%27S%27-from-HTTPS---JAAS-configured-on-tomcat%2C-JSF-webapp-tp25250419p25250419.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
