RE: https & j_security_check apparently Solved :P
Hi,

I was testing some things within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first I proved with a simple login page over https with no more than the login form ... and it worked as it's supposed to ... then instead of inserting the code to redirect the page over https I opened it with a URL specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... and tried again the same way I did with the simple login form ... and it worked ... now I have to ask ... did the redirection have something to do with this problem or does anyone know of a possible problem that can be raised when this is done?

TIA,
Julio César

> Date: Wed, 13 Aug 2008 13:44:39 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> | The 302 sends me back to the login page ... honestly I can't totally
> | blame https ... I tested the application with https via JSSE and it
> | works (this was done on my PC)... but when I changed the application
> | to another server https became the main issue where before it wasn't
> | ... so I'm trying to find what the real problem is ... it's just that
> | the only thing different between the working and the not working
> | application is the use of https.
>
> If you moved the application to another server, is it possible that the
> login itself is actually failing, and Tomcat is reacting correctly?
>
> One of my complaints about TC's authenticator is that it tends to
> swallow errors. You might try to write a little test on the new server
> to see if you can correctly access your user database.
>
> -chris
Re: https & j_security_check apparently Solved :P
Julio,

Julio César Chaves Fernández wrote:
> I was testing some things within the login page that is configured in
> the web.xml file... and there was a piece of code doing a redirection
> to assure that the page is loaded over https... first I proved with a
> simple login page over https with no more than the login form ... and
> it worked as it's supposed to ... then instead of inserting the code to
> redirect the page over https I opened it with a URL specifying https
> instead of http ... it worked ... so I changed back the form-login
> param in web.xml ... removed the redirection ... and tried again the
> same way I did with the simple login form ... and it worked ... now I
> have to ask ... did the redirection have something to do with this
> problem or does anyone know of a possible problem that can be raised
> when this is done?
>
> TIA,

Honestly, I'm having a hard time understanding what you are doing. What is the additional redirection for? Why not simply use in web.xml and let the container handle any HTTPS requirements?

-chris
RE: https & j_security_check apparently Solved :P
Hi,

Yes, I think that's what I needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... I have these connectors: . . . and when I used the transport-guarantee tag and try to access the page it changes the URL with the connector that has the AJP/1.3 protocol associated... do you know why this could happen?

TIA,
Julio César
Re: https & j_security_check apparently Solved :P
Julio,

Julio César Chaves Fernández wrote:
> Yes, I think that's what I needed apparently the redirection was
> the problem ... thanks for your help and excuse my ignorance but ...
> I have these connectors:

Can you explain what each of these connectors is for?

I can see one HTTPS, one HTTP, and one AJP13. How are you really accessing Tomcat?

-chris
RE: https & j_security_check apparently Solved :P
Hi,

the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but it's also accessed by ports 8100 and 8443.
Re: https & j_security_check apparently Solved :P
Julio,

Julio César Chaves Fernández wrote:
> the access is over Apache through the mod_jk connector (the one that
> connects with AJP13), and mapping with httpd.conf, but it's also
> accessed by ports 8100 and 8443.

I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect?

-chris
RE: https & j_security_check apparently Solved :P
Hi,

Well, when I access the application over the AJP connector it does what it's supposed to ... redirect it by the redirect port defined in the connector on the server.xml file. It's just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. Apache sends its requests to the connector with the port 8100 I assume ... so if I define a redirect port with 443 in it would it work?

TIA,
Julio César
RE: https & j_security_check apparently Solved :P
Hi,

I'm sorry but I read the previous question and now that I notice it doesn't make any sense given that Apache is connecting to Tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443?

TIA,
Julio César
Re: https & j_security_check apparently Solved :P
Julio,

Julio César Chaves Fernández wrote:
> Well, when I access the application over the AJP connector it does
> what it's supposed to ... redirect it by the redirect port defined in
> the connector on the server.xml file.

Good.

> It's just that https is over port 443, so when it redirects by port
> 8463 defined in the AJP connector it gets a timeout error.

You should not define the redirect port to be 8463, then. AJP has no SSL equivalent. Set the redirect port for the AJP connector to whatever the SSL port /should be/ for the user.

> Apache sends its requests to the connector with the port 8100 I
> assume ... so if I define a redirect port with 443 in it would it
> work?

The default redirect port should be 443 (which should actually append /no/ port, since the default HTTPS port is 443). I would imagine that this will work.

-chris
Re: https & j_security_check apparently Solved :P
Julio,

Julio César Chaves Fernández wrote:
> I'm sorry but I read the previous question and now that I notice it
> doesn't make any sense given that Apache is connecting to Tomcat by AJP
> connector ... the question would be if there is a way to redirect a
> request over http for an application that has a confidential
> transport guarantee defined in the application not through the port
> defined in the AJP connector but by port 443?

If you want all traffic to be handled by Apache httpd and mod_jk in this way:

Client --- HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat

Then you need only a single connector:

(Plus any other settings you want to add).

Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat.

If you want to be able to support alternate ports that go directly to Tomcat, like this:

Client --- HTTP (80) ---> Tomcat
Client --- HTTPS (443) ---> Tomcat

Then you will need two connectors:

(Plus any other settings you want to add).

If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this:

Client --- HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTP (8080) ---> Tomcat
Client --- HTTPS (8443) ---> Tomcat

If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations.

-chris
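
The redirect-port advice in this thread, turned into a configuration check. This is an added example, not code from the thread or from Tomcat. The server.xml fragment is constructed, and the function name and the `httpd_https_port` parameter (the port where Apache httpd terminates TLS) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not from the thread): HTTP, HTTPS and AJP
# connectors as described, with the AJP redirectPort set to 8463.
BROKEN = """
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"/>
  <Connector port="8100" protocol="AJP/1.3" redirectPort="8463"/>
</Service>
"""
# Same fragment with the AJP redirect aimed at the HTTPS port httpd serves.
FIXED = BROKEN.replace('redirectPort="8463"', 'redirectPort="443"')


def check_redirect_ports(server_xml, httpd_https_port=443):
    """Return (connector_port, redirect_port, reason) for every redirectPort
    that points at a port with no HTTPS listener behind it.

    httpd_https_port is an assumption: where Apache httpd terminates TLS.
    """
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    front = str(httpd_https_port)
    tls_ports = {c.get("port") for c in connectors
                 if c.get("scheme") == "https" or c.get("SSLEnabled") == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            continue  # already HTTPS, so CONFIDENTIAL never redirects it
        # An unset redirectPort falls back to 443, as noted in the thread.
        redirect = c.get("redirectPort", "443")
        if c.get("protocol", "").startswith("AJP"):
            # AJP has no SSL equivalent: only httpd's HTTPS port is valid.
            if redirect != front:
                findings.append((port, redirect, "AJP redirect must be httpd's HTTPS port"))
        elif redirect not in tls_ports | {front}:
            findings.append((port, redirect, "no HTTPS connector on this port"))
    return findings


if __name__ == "__main__":
    for label, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_redirect_ports(xml))
```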