RE: sendRedirect scheme
Hi Rainer Thanks for the information, I have tried all the possible combinations connector port=80 protocol=HTTP/1.1 scheme=http.../ In spite of all this the protocol on sendRedirect sets the URL to be https.. I am having trouble bringing up the source code for this, I will probably have to check to see what's going on that front.. anybody have any more insights into this? --Sid -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Thursday, December 28, 2006 5:02 PM To: Tomcat Users List Subject: Re: sendRedirect scheme You can use the following config params in the connector element for the connector you are using (see http://tomcat.apache.org/tomcat-5.5-doc/config/http.html): - protocol - proxyName - proxyPort - redirectPort - scheme - secure Regards, Rainer Siddhartha Subramanian schrieb: Hi Is there is way we can specify tomcat not to] change the protocol scheme on redirecting relative URL's? example http://localhost/myapp http://localhost/myapp post does s response.sendRedirect(/myapp/mynextlocation?name=test) tomcat (using 5.5) makes this into https://localhost/myapp/mynextlocation?name=test https://localhost/myapp/mynextlocation?name=test and obviously since I do not have anything running on secure mode at the port 443 this fails.. I tried to do a response.sendRedirect(http://+remoteaddress+/myapp/mynextlocation?nam e=test) tomcat just ignored my protocol specification. any input help will be appreciated. --Sid - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: sendRedirect scheme
From: Siddhartha Subramanian [mailto:[EMAIL PROTECTED] Subject: RE: sendRedirect scheme Thanks for the information, I have tried all the possible combinations connector port=80 protocol=HTTP/1.1 scheme=http.../ You don't seem to be providing much real information in any of your posts. At least tell us the exact Tomcat level and provide your actual relevant config files. (Your above sample, using connector rather than Connector, is obviously not correct.) In this instance, also include the name and level of the browser you're using; there are known issues in IE6 about mishandling redirects. You might want to do a packet capture so you can differentiate between what Tomcat's sending and what the browser is deciding to interpret it as. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: sendRedirect scheme
Hi Chuck
Well I was giving a high level view of the problem incase there was
someone who already ran into the problem and could give insight without
having to go through a verbose email.. But thanks for the feedback.
Here is the detailed information:
Setup
Migrating an existing application that works on Sun One onto Tomcat.
Tomcat version:
Tomcat 5.5.2
Browsers:
Firefox 2.0 (redirects with https in the URL)
IE 6 (redirect fails)
Server.xml snippet of the connector:(everything else is standard as out
of the box)
Connector port=80 address=${jboss.bind.address} maxThreads=250
strategy=ms maxHttpHeaderSize=8192 emptySessionPath=true
enableLookups=false acceptCount=100 connectionTimeout=2
disableUploadTimeout=true protocol=HTTP/1.1 scheme=http/
--Sid
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: Friday, December 29, 2006 3:37 PM
To: Tomcat Users List
Subject: RE: sendRedirect scheme
From: Siddhartha Subramanian
[mailto:[EMAIL PROTECTED]
Subject: RE: sendRedirect scheme
Thanks for the information, I have tried all the possible
combinations
connector port=80 protocol=HTTP/1.1 scheme=http.../
You don't seem to be providing much real information in any of your
posts. At least tell us the exact Tomcat level and provide your actual
relevant config files. (Your above sample, using connector rather
than Connector, is obviously not correct.) In this instance, also
include the name and level of the browser you're using; there are known
issues in IE6 about mishandling redirects. You might want to do a
packet capture so you can differentiate between what Tomcat's sending
and what the browser is deciding to interpret it as.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: sendRedirect scheme
In one of those exceedingly rare moments where I agree with the previous poster can you cut and paste your entire server.xml into the message body? Also which browser version are you testing with? Thx, --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, December 29, 2006 4:36 PM Subject: RE: sendRedirect scheme From: Siddhartha Subramanian [mailto:[EMAIL PROTECTED] Subject: RE: sendRedirect scheme Thanks for the information, I have tried all the possible combinations connector port=80 protocol=HTTP/1.1 scheme=http.../ You don't seem to be providing much real information in any of your posts. At least tell us the exact Tomcat level and provide your actual relevant config files. (Your above sample, using connector rather than Connector, is obviously not correct.) In this instance, also include the name and level of the browser you're using; there are known issues in IE6 about mishandling redirects. You might want to do a packet capture so you can differentiate between what Tomcat's sending and what the browser is deciding to interpret it as. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: sendRedirect scheme
. If this valve is used, do not use the JBoss ClusteredSingleSignOn valve shown below. A new configuration attribute is available beginning with release 4.0.4: cookieDomain configures the domain to which the SSO cookie will be scoped (i.e. the set of hosts to which the cookie will be presented). By default the cookie is scoped to /, meaning the host that presented it. Set cookieDomain to a wider domain (e.g. xyz.com) to allow an SSO to span more than one hostname. -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Uncomment to enable single sign-on across web apps deployed to this host AND to all other hosts in the cluster. If this valve is used, do not use the standard Tomcat SingleSignOn valve shown above. Valve uses a JBossCache instance to support SSO credential caching and replication across the cluster. The JBossCache instance must be configured separately. By default, the valve shares a JBossCache with the service that supports HttpSession replication. See the tc5-cluster-service.xml file in the server/all/deploy directory for cache configuration details. Besides the attributes supported by the standard Tomcat SingleSignOn valve (see the Tomcat docs), this version also supports the following attributes: cookieDomain see above treeCacheName JMX ObjectName of the JBossCache MBean used to support credential caching and replication across the cluster. If not set, the default value is jboss.cache:service=TomcatClusteringCache, the standard ObjectName of the JBossCache MBean used to support session replication. -- !-- Valve className=org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn / -- !-- Check for unclosed connections and transaction terminated checks in servlets/jsps. Important: The dependency on the CachedConnectionManager in META-INF/jboss-service.xml must be uncommented, too -- Valve className=org.jboss.web.tomcat.tc5.jca.CachedConnectionValve cachedConnectionManagerObjectName=jboss.jca:service=CachedConnectionManager transactionManagerObjectName=jboss:service=TransactionManager/ /Host /Engine /Service /Server -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Friday, December 29, 2006 4:06 PM To: Tomcat Users List Subject: Re: sendRedirect scheme In one of those exceedingly rare moments where I agree with the previous poster can you cut and paste your entire server.xml into the message body? Also which browser version are you testing with? Thx, --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, December 29, 2006 4:36 PM Subject: RE: sendRedirect scheme From: Siddhartha Subramanian [mailto:[EMAIL PROTECTED] Subject: RE: sendRedirect scheme Thanks for the information, I have tried all the possible combinations connector port=80 protocol=HTTP/1.1 scheme=http.../ You don't seem to be providing much real information in any
RE: sendRedirect scheme
When a new war file is added the war gets deployed to the local instance, and then deployed to the other instances in the cluster. When a war file is deleted from the watchDir the war is undeployed locally and cluster wide -- !-- Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true notifyListenersOnReplication=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled ackTimeout=15000 waitForAck=true/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;/ Deployer className=org.apache.catalina.cluster.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener/ /Cluster -- !-- Normally, users must authenticate themselves to each web app individually. Uncomment the following entry if you would like a user to be authenticated the first time they encounter a resource protected by a security constraint, and then have that user identity maintained across *all* web applications contained in this virtual host. -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Access log processes all requests for this virtual host. By default, log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. -- !-- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- !-- Access log processes all requests for this virtual host. By default, log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. This access log implementation is optimized for maximum performance, but is hardcoded to support only the common and combined patterns. -- !-- Valve className=org.apache.catalina.valves.FastCommonAccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- /Host /Engine /Service /Server -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Friday, December 29, 2006 4:06 PM To: Tomcat Users List Subject: Re: sendRedirect scheme In one of those exceedingly rare moments where I agree with the previous poster can you cut and paste your entire server.xml into the message body? Also which browser version are you testing with? Thx, --- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited
RE: sendRedirect scheme
From: Siddhartha Subramanian
[mailto:[EMAIL PROTECTED]
Subject: RE: sendRedirect scheme
Tomcat version:
Tomcat 5.5.2
I'll assume that's 5.5.20, not a seriously outdated, buggy level.
Connector port=80 address=${jboss.bind.address} maxThreads=250
strategy=ms maxHttpHeaderSize=8192 emptySessionPath=true
enableLookups=false acceptCount=100 connectionTimeout=2
disableUploadTimeout=true protocol=HTTP/1.1 scheme=http/
The above shows a JBoss connector config, as does your next post, but
the one following that showed a standalone Tomcat connector. Let's say
the variety of configs you've sent doesn't give me warm fuzzies that
we've seen the actual config you're running.
In the config above, the only odd things are the strategy and
emptySessionPath attributes; those should not have an effect on the
redirect protocol, but they are unusual settings.
Connector port=80 maxHttpHeaderSize=8192 maxThreads=150
minSpareThreads=25 maxSpareThreads=75 enableLookups=false
acceptCount=100 connectionTimeout=2
disableUploadTimeout=true
protocol=HTTP/1.1 scheme=http/
The above connector config (from the 3rd version you sent) looks fine.
Everything I've seen so far would indicate that somewhere you've got a
web.xml with a transport-guarantee of CONFIDENTIAL specified. This
could be in the global one (conf/web.xml) or in the web.xml for the app
in question. Tomcat certainly does not change protocols arbitrarily; as
an example, look at the admin app's index.jsp file, which does a
redirect to frameset.jsp, without switching to https.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: sendRedirect scheme
Thanks Chuck. The configuration is a standalone tomcat. I sent out a
wrong configuration initially with the Jboss one had too many things
going on at the same time. I shall check out the transport-guarantee
sounds like the most plausible lead.
Thanks a lot.
--Sid
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: Friday, December 29, 2006 11:33 PM
To: Tomcat Users List
Subject: RE: sendRedirect scheme
From: Siddhartha Subramanian
[mailto:[EMAIL PROTECTED]
Subject: RE: sendRedirect scheme
Tomcat version:
Tomcat 5.5.2
I'll assume that's 5.5.20, not a seriously outdated, buggy level.
Connector port=80 address=${jboss.bind.address} maxThreads=250
strategy=ms maxHttpHeaderSize=8192 emptySessionPath=true
enableLookups=false acceptCount=100 connectionTimeout=2
disableUploadTimeout=true protocol=HTTP/1.1 scheme=http/
The above shows a JBoss connector config, as does your next post, but
the one following that showed a standalone Tomcat connector. Let's say
the variety of configs you've sent doesn't give me warm fuzzies that
we've seen the actual config you're running.
In the config above, the only odd things are the strategy and
emptySessionPath attributes; those should not have an effect on the
redirect protocol, but they are unusual settings.
Connector port=80 maxHttpHeaderSize=8192 maxThreads=150
minSpareThreads=25 maxSpareThreads=75 enableLookups=false
acceptCount=100 connectionTimeout=2
disableUploadTimeout=true
protocol=HTTP/1.1 scheme=http/
The above connector config (from the 3rd version you sent) looks fine.
Everything I've seen so far would indicate that somewhere you've got a
web.xml with a transport-guarantee of CONFIDENTIAL specified. This
could be in the global one (conf/web.xml) or in the web.xml for the app
in question. Tomcat certainly does not change protocols arbitrarily; as
an example, look at the admin app's index.jsp file, which does a
redirect to frameset.jsp, without switching to https.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: sendRedirect scheme
You can use the following config params in the connector element for the connector you are using (see http://tomcat.apache.org/tomcat-5.5-doc/config/http.html): - protocol - proxyName - proxyPort - redirectPort - scheme - secure Regards, Rainer Siddhartha Subramanian schrieb: Hi Is there is way we can specify tomcat not to] change the protocol scheme on redirecting relative URL's? example http://localhost/myapp http://localhost/myapp post does s response.sendRedirect(/myapp/mynextlocation?name=test) tomcat (using 5.5) makes this into https://localhost/myapp/mynextlocation?name=test https://localhost/myapp/mynextlocation?name=test and obviously since I do not have anything running on secure mode at the port 443 this fails.. I tried to do a response.sendRedirect(http://+remoteaddress+/myapp/mynextlocation?nam e=test) tomcat just ignored my protocol specification. any input help will be appreciated. --Sid - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
