RE: https j_security_check now really Solved :P
Do I need to configure separate connectors for the isapi_redirect.dll to = work properly? I realize that this discussion is about apache, and not = iis, but I've had no ability to connect to = https://SAMPLE-DOMAIN.com:8443/examples, and I can't understand why. Patrick -Original Message- From: Julio César Chaves Fernández [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 12:33 AM To: Tomcat Users List Subject: RE: https j_security_check now really Solved :P Hi, Yes, it worked with only that connector ... the requests that came from http over apache and went to the AJP connector were redirected by te port defined as redirectPort in the connector...so changing this to 443 as in the second scheme you propose did the job...thanks for helping and again my apologies for all the trouble or headaches caused ;). Julio César Date: Tue, 19 Aug 2008 13:14:51 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? If you want all traffic to be handled by Apache httpd and mod_jk in this way: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Then you need only a single connector: Connector port=8100 protocol=AJP/1.3 / (Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat. If you want to be able to support alternate ports that go directly to Tomcat, like this: Client --- HTTP (80) --- Tomcat Client --- HTTPS (443) --- Tomcat Then you will need two connectors: Connector port=80 / Connector port=443 scheme=https sslProtocol=TLS/ (Plus any other settings you want to add). If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTP (8080) --- Tomcat Client --- HTTPS (8443) --- Tomcat Connector port=8100 protocol=AJP/1.3 / !-- for AJP -- Connector port=8080 redirectPort=8443 / !-- for HTTP -- Connector port=8443 scheme=https sslProtocol=TLS/ If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp =BhcA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check apparently Solved :P
Hi, Well, when i access the application over the AJP connector it does what it's suppossed to ... redirect it by the redirect port defined in the connector on the server.xml file. Its just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. Apache sends its requests to the connector with the port 8100 I assume ... so if i define a redirect port with 443 in it would it work ? TIA, Julio César Date: Fri, 15 Aug 2008 13:07:33 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilt9UACgkQ9CaO5/Lv0PCesACgkPPuZfbXi1JytUPG8JNN+/5s lAsAoKvBxJGtvVAdGL+gCXdqDYjYNdt/ =kJ9R -END PGP SIGNATURE- - _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: https j_security_check apparently Solved :P
Hi, I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? TIA, Julio César From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: RE: https j_security_check apparently Solved :P Date: Tue, 19 Aug 2008 10:05:27 -0500 Hi, Well, when i access the application over the AJP connector it does what it's suppossed to ... redirect it by the redirect port defined in the connector on the server.xml file. Its just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. Apache sends its requests to the connector with the port 8100 I assume ... so if i define a redirect port with 443 in it would it work ? TIA, Julio César Date: Fri, 15 Aug 2008 13:07:33 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilt9UACgkQ9CaO5/Lv0PCesACgkPPuZfbXi1JytUPG8JNN+/5s lAsAoKvBxJGtvVAdGL+gCXdqDYjYNdt/ =kJ9R -END PGP SIGNATURE- - _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
Re: https j_security_check apparently Solved :P
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: Well, when i access the application over the AJP connector it does what it's supposed to ... redirect it by the redirect port defined in the connector on the server.xml file. Good. Its just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. You should not define the redirect port to be 8463, then. AJP has no SSL equivalent. Set the redirect port for the AJP connector to whatever the SSL port /should be/ for the user. Apache sends its requests to the connector with the port 8100 I assume ... so if i define a redirect port with 443 in it would it work ? The default redirect port should be 443 (which should actually append /no/ port, since the default HTTPS port is 443). I would imagine that this will work. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/V8ACgkQ9CaO5/Lv0PByDACeMzLMwnhde5E3Cyly+bdceOYp UbgAn2ctktlwtWJFM8C63C5N5j86JfLo =dOsC -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: https j_security_check apparently Solved :P
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? If you want all traffic to be handled by Apache httpd and mod_jk in this way: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Then you need only a single connector: Connector port=8100 protocol=AJP/1.3 / (Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat. If you want to be able to support alternate ports that go directly to Tomcat, like this: Client --- HTTP (80) --- Tomcat Client --- HTTPS (443) --- Tomcat Then you will need two connectors: Connector port=80 / Connector port=443 scheme=https sslProtocol=TLS/ (Plus any other settings you want to add). If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTP (8080) --- Tomcat Client --- HTTPS (8443) --- Tomcat Connector port=8100 protocol=AJP/1.3 /!-- for AJP -- Connector port=8080 redirectPort=8443 / !-- for HTTP -- Connector port=8443 scheme=https sslProtocol=TLS/ If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp =BhcA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check now really Solved :P
Hi, Yes, it worked with only that connector ... the requests that came from http over apache and went to the AJP connector were redirected by te port defined as redirectPort in the connector...so changing this to 443 as in the second scheme you propose did the job...thanks for helping and again my apologies for all the trouble or headaches caused ;). Julio César Date: Tue, 19 Aug 2008 13:14:51 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? If you want all traffic to be handled by Apache httpd and mod_jk in this way: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Then you need only a single connector: Connector port=8100 protocol=AJP/1.3 / (Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat. If you want to be able to support alternate ports that go directly to Tomcat, like this: Client --- HTTP (80) --- Tomcat Client --- HTTPS (443) --- Tomcat Then you will need two connectors: Connector port=80 / Connector port=443 scheme=https sslProtocol=TLS/ (Plus any other settings you want to add). If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTP (8080) --- Tomcat Client --- HTTPS (8443) --- Tomcat Connector port=8100 protocol=AJP/1.3 / !-- for AJP -- Connector port=8080 redirectPort=8443 / !-- for HTTP -- Connector port=8443 scheme=https sslProtocol=TLS/ If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp =BhcA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
RE: https j_security_check apparently Solved :P
Hi, Ye, i think thats what i needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... i have this connectors: Service name=Catalina Connector URIEncoding=UTF-8 port=8100 minSpareThreads=25 connectionTimeout=2 uRIEncoding=UTF-8 maxThreads=300 maxSpareThreads=75 /Connector Connector port=8443 scheme=https secure=true debug=0 minSpareThreads=25 clientAuth=false keystoreType=PKCS12 keystorePass= maxThreads=150 maxSpareThreads=75 keystoreFile=/home/jakarta/tomcat-5.5.16-8100/conf/icesi.p12 sslProtocol=TLS /Connector Connector port=8029 redirectPort=8463 protocol=AJP/1.3 /Connector . . . and when I used the transport-guarantee tag and try to access the page it changes the url with the connector that has the AJP/1.3 protocol associated... do you know why could this happen? TIA, Julio César Date: Thu, 14 Aug 2008 12:29:38 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I was testing somethings within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first i proved with a simple login page over https with no more than the login form ...and it worked as it supossed to ... then instead of insert the code to redirect the page over https I opened it with a url specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... an tried again the same way i did with the simple login form ... and it worked ... now i have to ask ... did the redirection had something to do with this problem or do anyone know of a possible problem that can be raised when this is done?TIA, Honestly, I'm having a hard time understanding what you are doing. What is the additional redirection for? Why not simply use transport-guarantee in web.xml and let the container handle any HTTPS requirements? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkikXXIACgkQ9CaO5/Lv0PC1wgCgtUNuWDBsTqIPIjAfH64OPgv+ wf4An1rHKW4HmO15pAwckdz0msxOmLd2 =LSxR -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
Re: https j_security_check apparently Solved :P
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: Ye, i think thats what i needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... i have this connectors: Can you explain what each of these connectors is for? I can see one HTTPS, one HTTP, and one AJP13. How are you really accessing Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilnFEACgkQ9CaO5/Lv0PAkzgCdEdtYw4tgxGGmV0acfIaWyHCM e4oAoJPqTIEa/LkOjeJNeLW4cg4k/Qzv =/WE8 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check apparently Solved :P
Hi, the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. Date: Fri, 15 Aug 2008 11:10:09 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: Ye, i think thats what i needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... i have this connectors: Can you explain what each of these connectors is for? I can see one HTTPS, one HTTP, and one AJP13. How are you really accessing Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilnFEACgkQ9CaO5/Lv0PAkzgCdEdtYw4tgxGGmV0acfIaWyHCM e4oAoJPqTIEa/LkOjeJNeLW4cg4k/Qzv =/WE8 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
Re: https j_security_check apparently Solved :P
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilt9UACgkQ9CaO5/Lv0PCesACgkPPuZfbXi1JytUPG8JNN+/5s lAsAoKvBxJGtvVAdGL+gCXdqDYjYNdt/ =kJ9R -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check apparently Solved :P
Hi, I was testing somethings within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first i proved with a simple login page over https with no more than the login form ...and it worked as it supossed to ... then instead of insert the code to redirect the page over https I opened it with a url specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... an tried again the same way i did with the simple login form ... and it worked ... now i have to ask ... did the redirection had something to do with this problem or do anyone know of a possible problem that can be raised when this is done?TIA, Julio César Date: Wed, 13 Aug 2008 13:44:39 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The 302 sends me back to the login page ... honestly i can't totally | blame https ... i tested the applicaction with https via JSSE and it | works (this was done in my pc)... but when i changed the application | to another server https became the main issue where before it wasn't | ... so i'm trying to find what the real problem is ... it's just that | the only thing different between the working and the not working | application is the use of https. If you moved the application to another server, is it possible that the login itself is actually failing, and Tomcat is reacting correctly? One of my complaints about TC's authenticator is that it tends to swallow errors. You might try to write a little test on the new server to see if you can correctly access your user database. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijHYcACgkQ9CaO5/Lv0PCYpwCff97yGzzjteCe6NPrVmVV0XmP 8LIAoKqGTkkbfvwIorRXRlMUa5y6KkWG =PKpu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
Re: https j_security_check apparently Solved :P
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I was testing somethings within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first i proved with a simple login page over https with no more than the login form ...and it worked as it supossed to ... then instead of insert the code to redirect the page over https I opened it with a url specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... an tried again the same way i did with the simple login form ... and it worked ... now i have to ask ... did the redirection had something to do with this problem or do anyone know of a possible problem that can be raised when this is done?TIA, Honestly, I'm having a hard time understanding what you are doing. What is the additional redirection for? Why not simply use transport-guarantee in web.xml and let the container handle any HTTPS requirements? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkikXXIACgkQ9CaO5/Lv0PC1wgCgtUNuWDBsTqIPIjAfH64OPgv+ wf4An1rHKW4HmO15pAwckdz0msxOmLd2 =LSxR -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check
Hi, I was checking the http in my application and the server response is a 302 ... what could possibly do this when using https ... could it be something related to the URL ... or how could the server get confused given that with http it works fine. TIA, Julio César _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE
Re: https j_security_check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | I was checking the http in my application and the server response is | a 302 ... what could possibly do this when using https ... could it | be something related to the URL ... or how could the server get | confused given that with http it works fine. Are you switching between HTTP and HTTPS? Some folks try to use HTTPS for the login and then redirect to HTTP for the rest of the application. That doesn't work unless the session cookie has been created from a non-secure URL. Otherwise the cookie itself is marked as secure and won't be sent by your browser when you switch back to HTTP. Could this be your problem? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijBCIACgkQ9CaO5/Lv0PD5/QCfVCw6UgMkYilZqsVUnKRQAznX 8xwAni9vqVdMJpHV7Z0jJQoTqicT3Ct3 =hk6b -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check
No i'm working with https all the time ... when it's only over http the application works ... it's just that i've been reading about something related to j_security_check and that it adds port 80 to the url ... so i don't know if it's related to my problem... i read this in http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html ... may be i'm wrong or i don't have the right idea ... but when i saw that 302 the only thing that came to my mind was some problem related to the url and the server not finding the associated resources ... i'm checking if maybe thats the reason... Julio César Date: Wed, 13 Aug 2008 11:56:19 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | I was checking the http in my application and the server response is | a 302 ... what could possibly do this when using https ... could it | be something related to the URL ... or how could the server get | confused given that with http it works fine. Are you switching between HTTP and HTTPS? Some folks try to use HTTPS for the login and then redirect to HTTP for the rest of the application. That doesn't work unless the session cookie has been created from a non-secure URL. Otherwise the cookie itself is marked as secure and won't be sent by your browser when you switch back to HTTP. Could this be your problem? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijBCIACgkQ9CaO5/Lv0PD5/QCfVCw6UgMkYilZqsVUnKRQAznX 8xwAni9vqVdMJpHV7Z0jJQoTqicT3Ct3 =hk6b -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
Re: https j_security_check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | No i'm working with https all the time ... when it's only over http | the application works ... it's just that i've been reading about | something related to j_security_check and that it adds port 80 to the | url Tomcat does not add port 80 to the URL. It uses whatever port was already being used. | ... so i don't know if it's related to my problem... i read this | in | http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html | ... may be i'm wrong or i don't have the right idea ... but when i | saw that 302 the only thing that came to my mind was some problem | related to the url and the server not finding the associated | resources ... i'm checking if maybe thats the reason... Where does the 302 send you? Back to the login-error page? Are you sure that the only difference between a working configuration and a non-working configuration is the use of HTTPs? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijCesACgkQ9CaO5/Lv0PA3cwCfUeM4okC0y2h7QQlTcb5p4w2R zPkAn09q7o10IodI+udoVCSLz92HDFOS =E4Jq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check
The 302 sends me back to the login page ... honestly i can't totally blame https ... i tested the applicaction with https via JSSE and it works (this was done in my pc)... but when i changed the application to another server https became the main issue where before it wasn't ... so i'm trying to find what the real problem is ... it's just that the only thing different between the working and the not working application is the use of https. Julio César Date: Wed, 13 Aug 2008 12:20:59 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | No i'm working with https all the time ... when it's only over http | the application works ... it's just that i've been reading about | something related to j_security_check and that it adds port 80 to the | url Tomcat does not add port 80 to the URL. It uses whatever port was already being used. | ... so i don't know if it's related to my problem... i read this | in | http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html | ... may be i'm wrong or i don't have the right idea ... but when i | saw that 302 the only thing that came to my mind was some problem | related to the url and the server not finding the associated | resources ... i'm checking if maybe thats the reason... Where does the 302 send you? Back to the login-error page? Are you sure that the only difference between a working configuration and a non-working configuration is the use of HTTPs? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijCesACgkQ9CaO5/Lv0PA3cwCfUeM4okC0y2h7QQlTcb5p4w2R zPkAn09q7o10IodI+udoVCSLz92HDFOS =E4Jq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
Re: https j_security_check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The 302 sends me back to the login page ... honestly i can't totally | blame https ... i tested the applicaction with https via JSSE and it | works (this was done in my pc)... but when i changed the application | to another server https became the main issue where before it wasn't | ... so i'm trying to find what the real problem is ... it's just that | the only thing different between the working and the not working | application is the use of https. If you moved the application to another server, is it possible that the login itself is actually failing, and Tomcat is reacting correctly? One of my complaints about TC's authenticator is that it tends to swallow errors. You might try to write a little test on the new server to see if you can correctly access your user database. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijHYcACgkQ9CaO5/Lv0PCYpwCff97yGzzjteCe6NPrVmVV0XmP 8LIAoKqGTkkbfvwIorRXRlMUa5y6KkWG =PKpu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: https j_security_check
Yes, it is the way it's designed ... but my problem is when the user and password are right ... i doesn't takes me to the site but leaves me again in the login page (this when I have https, without it the application works fine)... with the redirection to the form-error page defined in the web.xml file i know that it tries to authenticate the user and if it fails everything works how it's supossed to ... with https the authentication, although correct, redirects me to the login page ... so my problem is when i have https active ... otherwise everything works perfectly. Thanks again for helping. Julio César Date: Fri, 8 Aug 2008 22:46:05 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The curious thing is that when the password is | wrong the redirection is to the form-error page defined in the | web.xml file. So, I was hoping you could give me some sort of advice | or where could I start looking to know why it behaves like that. Perhaps I have misunderstood your question, but what you describe above is simply the way that form-based authentication is designed in the servlet specification. See section 12.5.3 of the servlet specification for the full story. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkidBO0ACgkQ9CaO5/Lv0PAL2wCfZfMx+WfG0pXRFkzC2JBIBSi6 sdkAnjhzQVfyHLESWHHFlbfLiYix4sOe =Fy6M -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
Re: https j_security_check
Julio César Chaves Fernández wrote: but my problem is when the user and password are right ... i doesn't takes me to the site but leaves me again in the login page Are you logging in over https? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: https j_security_check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The curious thing is that when the password is | wrong the redirection is to the form-error page defined in the | web.xml file. So, I was hoping you could give me some sort of advice | or where could I start looking to know why it behaves like that. Perhaps I have misunderstood your question, but what you describe above is simply the way that form-based authentication is designed in the servlet specification. See section 12.5.3 of the servlet specification for the full story. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkidBO0ACgkQ9CaO5/Lv0PAL2wCfZfMx+WfG0pXRFkzC2JBIBSi6 sdkAnjhzQVfyHLESWHHFlbfLiYix4sOe =Fy6M -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
