Re: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-23 Thread Christopher Schultz

To whom it may concern,

(Can you set your name in your email client? It's irritating to write to
an email address that doesn't indicate a name. You also don't include
your name in your posts.)

removeps-gro...@yahoo.com wrote:
>  URL url = new URL("https://localhost:6143/mywebservice/action/j_security_check");
>  HttpURLConnection connection = (HttpURLConnection) url.openConnection();
>  connection.setRequestMethod("POST");

As Chuck pointed out (without saying it explicitly), Tomcat does not
allow drive-by logins. If you need this feature, you will have to either
hack Tomcat or use a separate tool.

Securityfilter (http://securityfilter.sourceforge.net) is a replacement
for container-based authentication and authorization and allows you to
do drive-by logins if you wish (that is, POST directly to
j_security_check with a username and password).

In any case, you'll have to do JSESSIONID management yourself on the
client, either by reading the JSESSIONID cookie, or sniffing the
"jsessionid" request parameter returned in redirect URLs provided by the
server. I recommend the cookie option.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
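
The sequence described in the message above (request a protected resource, keep the JSESSIONID the server issues with the login page, then POST to j_security_check inside that session), as an added example that is not code from this thread. The class name FormLoginClient and the appBase/protectedPath parameters are assumptions, as is a server certificate the JVM already trusts; the sample header values in main() are constructed.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical client for container-managed FORM login (illustration only).
public class FormLoginClient {
    // "JSESSIONID=<id>" at the start of a Set-Cookie value.
    private static final Pattern COOKIE = Pattern.compile("^\\s*JSESSIONID=([^;\\s]+)");
    // ";jsessionid=<id>" path parameter of a rewritten (cookie-less) URL.
    private static final Pattern URL_PARAM =
            Pattern.compile(";jsessionid=([^?#;/]+)", Pattern.CASE_INSENSITIVE);

    /** Returns the session id found in Set-Cookie header values, or null. */
    static String sessionIdFromCookies(List<String> setCookieValues) {
        if (setCookieValues == null) return null;
        for (String value : setCookieValues) {
            Matcher m = COOKIE.matcher(value);
            if (m.find()) return m.group(1);
        }
        return null;
    }

    /** Returns the session id embedded in a redirect URL, or null. */
    static String sessionIdFromUrl(String location) {
        if (location == null) return null;
        Matcher m = URL_PARAM.matcher(location);
        return m.find() ? m.group(1) : null;
    }

    /** Picks up a session id from a response; keeps the current one if none was sent. */
    static String track(HttpURLConnection c, String current) {
        String id = null;
        for (Map.Entry<String, List<String>> e : c.getHeaderFields().entrySet()) {
            if ("Set-Cookie".equalsIgnoreCase(e.getKey())) id = sessionIdFromCookies(e.getValue());
        }
        if (id == null) id = sessionIdFromUrl(c.getHeaderField("Location"));
        return id != null ? id : current;
    }

    static HttpURLConnection open(String url, String method, String sid) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        c.setRequestMethod(method);
        c.setInstanceFollowRedirects(false); // follow redirects by hand so no Set-Cookie is missed
        if (sid != null) c.setRequestProperty("Cookie", "JSESSIONID=" + sid);
        return c;
    }

    /** Runs the three-step login and returns the status of the final request. */
    static int login(String appBase, String protectedPath, String user, String password)
            throws IOException {
        // 1. Ask for the protected resource; the login page comes back with a session cookie.
        HttpURLConnection c = open(appBase + protectedPath, "GET", null);
        c.getResponseCode();
        String sid = track(c, null);
        c.disconnect();
        if (sid == null) throw new IOException("server issued no JSESSIONID");

        // 2. POST the credentials to j_security_check within that session.
        c = open(appBase + "/j_security_check", "POST", sid);
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String body = "j_username=" + URLEncoder.encode(user, "UTF-8")
                + "&j_password=" + URLEncoder.encode(password, "UTF-8");
        try (OutputStream out = c.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        c.getResponseCode();
        sid = track(c, sid); // the container may issue a fresh id once authenticated
        c.disconnect();

        // 3. Repeat the original request with the (possibly new) session id.
        c = open(appBase + protectedPath, "GET", sid);
        int status = c.getResponseCode();
        c.disconnect();
        return status;
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 4) { // appBase protectedPath user password
            System.out.println("final status: " + login(args[0], args[1], args[2], args[3]));
            return;
        }
        // Offline run on constructed header values shaped like the ones quoted in the thread.
        List<String> cookies = Arrays.asList(
                "JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/mywebservice; Secure");
        System.out.println(sessionIdFromCookies(cookies));
        System.out.println(sessionIdFromUrl(
                "https://localhost:6143/mywebservice/file.do;jsessionid=0123456789ABCDEF0123456789ABCDEF?x=1"));
    }
}
```

Re-reading the session id after every response matters because a container can replace the id at login; a client that keeps sending the pre-login id will be treated as unauthenticated.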



RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread Caldarale, Charles R
> From: removeps-gro...@yahoo.com [mailto:removeps-gro...@yahoo.com]
> Subject: RE: Server returned HTTP response code: 408 for URL:
> https...j_security_check
>
> How does the client get the JSESSIONID?

It's normally sent as a cookie; if the client has disabled cookies, the login 
page servlet or JSP should call Response.encodeURL() to get it added to the URL 
as a parameter.

> When the server generates the login page does it have
> to call response.addCookie?

I think Tomcat does that automatically, but I'm not positive.  Look at the doc 
for the cookies attribute of the  parameter:
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

> From where should the servlet get the session id?

It doesn't have to, Tomcat handles it automatically for form login.  The 
servlet or JSP can use the HTTPSession.getId() to retrieve it if desired.

> How does the client read the cookie?

By parsing the response headers or parameters.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.




RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread removeps-groups
Never mind, I see that JSESSIONID is added to the response automatically from 
Tomcat.

The code

System.out.println(connection.getHeaderField("Set-Cookie"));

prints

JSESSIONID=56136B3CE4CC657DD36C226E264A97AD; Path=/mywebservice; Secure

So now I think I just have to include that cookie in every request.  Will write 
back if it does not work.






RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread removeps-groups
> It should be a POST request to /[webapp]/j_security_check,
> and include the JSESSIONID cookie set by the server when the
> login page was returned.

Thanks, this seems to be the issue.  There is a call to 
org.apache.catalina.connector.Request.setRequestedSessionId(String id) from  
parseSessionCookiesId?

How does the client get the JSESSIONID?  When the server generates the login 
page does it have to call response.addCookie?  From where should the servlet 
get the session id?  How does the client read the cookie?

Thanks. 






RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread Caldarale, Charles R
> From: removeps-gro...@yahoo.com [mailto:removeps-gro...@yahoo.com]
> Subject: RE: Server returned HTTP response code: 408 for URL:
> https...j_security_check
>
> The request input stream is set to
> "j_username=username&j_password=password".

Good so far.

> But to what URL should the above response be posted?

It should be a POST request to /[webapp]/j_security_check, and include the 
JSESSIONID cookie set by the server when the login page was returned.

> 

Again, note that the method should be POST (which your code does seem to be 
doing).

> A browser does not know about Tomcat protocols, so it
> would I imagine send the request to j_security_check.

Correct, but that's accepted by Tomcat only when a login form has just been 
returned to the client.  There's no indication in your code that the 
j_security_check is being sent as a response to a login form, nor is the 
required JSESSIONID cookie being returned.

> So any ideas on how to make https requests through code?

This isn't tied to HTTPS, just form login.  The SSL negotiation is completely 
separate.

 - Chuck





RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread removeps-groups
But how does this work through code?  My initial request is to 
"http://localhost/mywebservice/file.do" (and all this is through Java code 
similar to below).

Tomcat redirects the request to the login page specified in web.xml 
"http://localhost/mywebservice/login.html".  Then either Tomcat returns this 
page to the user, or invokes a servlet that constructs the page and returns it 
to the user.

Then it seems Tomcat remembers the original request.

Now the user sees a login page with the j_username and j_password form fields.  
In code, they get the output stream and it instructs them to login, though my 
page does not have the form fields in it.

So in code the client constructs a login request.  The request input stream is 
set to "j_username=username&j_password=password".  But to what URL should the 
above response be posted?  I would imagine that it should be to 
"http://localhost/mywebservice/j_security_check" because the login page is 
typically like this



A browser does not know about Tomcat protocols, so it would I imagine  send the 
request to j_security_check.  Then I imagine that Tomcat intercepts the request 
and validates the login, and then forwards to the original page (which must 
have remembered).

So it makes sense to me that through code one may make requests to 
j_security_check.  Just this would not be a recommended practice to users 
typing something into the address bar.

So any ideas on how to make https requests through code?





RE: Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread Caldarale, Charles R
> From: removeps-gro...@yahoo.com [mailto:removeps-gro...@yahoo.com]
> Subject: Server returned HTTP response code: 408 for URL:
> https...j_security_check
>
> Server returned HTTP response code: 408 for URL:
> https://localhost:6143/mywebservice/action/j_security_check

You're not allowed to reference j_security_check directly.  The URL must refer 
to a protected resource (as declared in your web.xml), at which point Tomcat 
will internally call up the j_security_check.  if the authentication succeeds, 
the original request will then be reattempted automatically.

 - Chuck





Server returned HTTP response code: 408 for URL: https...j_security_check

2008-12-14 Thread removeps-groups
Server returned HTTP response code: 408 for URL: https...j_security_check

In my testing I get the following error:

Server returned HTTP response code: 408 for URL: 
https://localhost:6143/mywebservice/action/j_security_check

408 = request time out.

So the question is how can a client authenticate themselves?  Do you have to 
figure out a JSESSION id somehow?

The code is

   public static void main(String[] args)
   {
      BufferedReader responseReader = null;
      try
      {
         URL url = new URL("https://localhost:6143/mywebservice/action/j_security_check");
         HttpURLConnection connection = (HttpURLConnection) url.openConnection();
         connection.setRequestMethod("POST");
         connection.setUseCaches(false);
         connection.setAllowUserInteraction(false);
         connection.setDoOutput(true);
         PrintWriter requestParamsWriter = new PrintWriter(connection.getOutputStream());
         requestParamsWriter.print("j_username=junkuser&j_password=test");
         requestParamsWriter.flush();
         requestParamsWriter.close();
         requestParamsWriter = null;
         responseReader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
         while (true)
         {
            String line = responseReader.readLine();
            if (line == null) break;
            System.out.println(line);
         }
      }
      catch (IOException e)
      {
         e.printStackTrace();
      }
      finally
      {
         try
         {
            if (responseReader != null) responseReader.close();
         }
         catch (Exception e)
         {
            e.printStackTrace();
         }
      }
   }






RE: https & j_security_check now really Solved :P

2008-09-04 Thread Patrick Markiewicz

Do I need to configure separate connectors for the isapi_redirect.dll to work 
properly?  I realize that this discussion is about apache, and not iis, but 
I've had no ability to connect to https://.com:8443/examples, 
and I can't understand why.

Patrick




RE: https & j_security_check now really Solved :P

2008-08-19 Thread Julio César Chaves Fernández
Hi,
 
Yes, it worked with only that connector ... the requests that came from http 
over apache and went to the AJP connector were redirected by the port defined as 
redirectPort in the connector...so changing this to 443 as in the second scheme 
you propose did the job...thanks for helping and again my apologies for all the 
trouble or headaches caused ;).
 
Julio César




Re: https & j_security_check apparently Solved :P

2008-08-19 Thread Christopher Schultz

Julio,

Julio César Chaves Fernández wrote:
> I'm sorry but i read the previous question and now that i notice it
> doesn't make any sense given that apache is connecting tomcat by AJP
> connector ... the question would be if there is a way to redirect a
> request over http for an application that has a confidential
> transport guarantee defined in the application not through the port
> defined in the AJP connector but by port 443?

If you want all traffic to be handled by Apache httpd and mod_jk in this
way:

Client --- HTTP  (80)  ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat

Then you need only a single connector:



(Plus any other settings you want to add).

Apache httpd will handle all of the HTTPS stuff for you. Remove all
other connectors from Tomcat.

If you want to be able to support alternate ports that go directly to
Tomcat, like this:

Client --- HTTP  (80)  ---> Tomcat
Client --- HTTPS (443) ---> Tomcat

Then you will need two connectors:




(Plus any other settings you want to add).

If you want to support both configurations at the same time, you will
need 3 connectors, but each with unique port numbers. Something like this:

Client --- HTTP  (80)  ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat
Client --- HTTP  (8080) ---> Tomcat
Client --- HTTPS (8443) ---> Tomcat


   


If you want to use port 443 as the redirect port for your 8080
connector, then go ahead and do it. However, to me it only makes sense
to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations.

-chris



Re: https & j_security_check apparently Solved :P

2008-08-19 Thread Christopher Schultz

Julio,

Julio César Chaves Fernández wrote:
> Well, when i access the application over the AJP connector it does 
> what it's supposed to ... redirect it by the redirect port defined in
> the connector on the server.xml file.

Good.

> Its just that https is over port 443, so when it redirects by port
> 8463 defined in the AJP connector it gets a timeout error.

You should not define the redirect port to be 8463, then. AJP has no SSL
equivalent. Set the redirect port for the AJP connector to whatever the
SSL port /should be/ for the user.

> Apache sends its requests to the connector with the port 8100 I
> assume ... so if i define a redirect port with 443 in it would it
> work ?

The default redirect port should be 443 (which should actually append
/no/ port, since the default HTTPS port is 443). I would imagine that
this will work.

-chris



RE: https & j_security_check apparently Solved :P

2008-08-19 Thread Julio César Chaves Fernández
Hi, 
 
I'm sorry but i read the previous question and now that i notice it doesn't make 
any sense given that apache is connecting tomcat by AJP connector ... the 
question would be if there is a way to redirect a request over http for an 
application that has a confidential transport guarantee defined in the 
application not through the port defined in the AJP connector but by port 443?
 
TIA,
 
Julio César




RE: https & j_security_check apparently Solved :P

2008-08-19 Thread Julio César Chaves Fernández
Hi,
 
Well, when i access the application over the AJP connector it does what it's 
supposed to ... redirect it by the redirect port defined in the connector on 
the server.xml file. It's just that https is over port 443, so when it redirects 
by port 8463 defined in the AJP connector it gets a timeout error. Apache sends 
its requests to the connector with the port 8100 I assume ... so if i define a 
redirect port with 443 in it would it work ?
 
TIA,
 
Julio César




Re: https & j_security_check apparently Solved :P

2008-08-15 Thread Christopher Schultz

Julio,

Julio César Chaves Fernández wrote:
> the access is over Apache through the mod_jk connector (the one that
> connects with AJP13), and mapping with httpd.conf, but it's also
> accessed by ports 8100 and 8443.

I think you might reduce confusion if you debug one connector setup at a
time. If you access your web application exclusively through Apache/AJP,
does the application behave in the way you expect?

-chris



RE: https & j_security_check apparently Solved :P

2008-08-15 Thread Julio César Chaves Fernández

Hi,
 
the access is over Apache through the mod_jk connector (the one that connects 
with AJP13), and mapping with httpd.conf, but it's also accessed by ports 8100 
and 8443.
 

> Date: Fri, 15 Aug 2008 11:10:09 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check apparently Solved :P
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> > Yes, i think that's what i needed  apparently the redirection was
> > the problem ... thanks for your help and excuse my ignorance but ...
> > i have these connectors:
>
> Can you explain what each of these connectors is for?
>
> I can see one HTTPS, one HTTP, and one AJP13. How are you really
> accessing Tomcat?
>
> - -chris

Re: https & j_security_check apparently Solved :P

2008-08-15 Thread Christopher Schultz

Julio,

Julio César Chaves Fernández wrote:
> Yes, i think that's what i needed  apparently the redirection was
> the problem ... thanks for your help and excuse my ignorance but ...
> i have these connectors:

Can you explain what each of these connectors is for?

I can see one HTTPS, one HTTP, and one AJP13. How are you really
accessing Tomcat?

- -chris



RE: https & j_security_check apparently Solved :P

2008-08-15 Thread Julio César Chaves Fernández
Hi,
 
Yes, i think that's what i needed  apparently the redirection was the problem 
... thanks for your help and excuse my ignorance but ... i have these connectors:
 








.
.
.
 
and when I used the transport-guarantee tag and try to access the page it 
changes the url with the connector that has the AJP/1.3 protocol associated... 
do you know why could this happen?
 
TIA,
 
Julio César



> Date: Thu, 14 Aug 2008 12:29:38 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check apparently Solved :P
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> > I was testing some things within the login page that is configured in
> > the web.xml file... and there was a piece of code doing a redirection
> > to assure that the page is loaded over https... first i proved with a
> > simple login page over https with no more than the login form ...and
> > it worked as it's supposed to ... then instead of inserting the code to
> > redirect the page over https I opened it with a url specifying https
> > instead of http ... it worked ... so I changed back the form-login
> > param in web.xml ... removed the redirection ... and tried again the
> > same way i did with the simple login form ... and it worked ... now i
> > have to ask ... did the redirection have something to do with this
> > problem or does anyone know of a possible problem that can be raised
> > when this is done? TIA,
>
> Honestly, I'm having a hard time understanding what you are doing. What
> is the additional redirection for? Why not simply use
>  in web.xml and let the container handle any HTTPS
> requirements?
>
> - -chris

Re: https & j_security_check apparently Solved :P

2008-08-14 Thread Christopher Schultz

Julio,

Julio César Chaves Fernández wrote:
> I was testing some things within the login page that is configured in
> the web.xml file... and there was a piece of code doing a redirection
> to assure that the page is loaded over https... first i proved with a
> simple login page over https with no more than the login form ...and
> it worked as it's supposed to ... then instead of inserting the code to
> redirect the page over https I opened it with a url specifying https
> instead of http ... it worked ... so I changed back the form-login
> param in web.xml ... removed the redirection ... and tried again the
> same way i did with the simple login form ... and it worked ... now i
> have to ask ... did the redirection have something to do with this
> problem or does anyone know of a possible problem that can be raised
> when this is done? TIA,

Honestly, I'm having a hard time understanding what you are doing. What
is the additional redirection for? Why not simply use
 in web.xml and let the container handle any HTTPS
requirements?

- -chris



RE: https & j_security_check apparently Solved :P

2008-08-14 Thread Julio César Chaves Fernández
Hi,
 
I was testing some things within the login page that is configured in the 
web.xml file... and there was a piece of code doing a redirection to assure 
that the page is loaded over https... first i proved with a simple login page 
over https with no more than the login form ...and it worked as it's supposed to 
... then instead of inserting the code to redirect the page over https I opened it 
with a url specifying https instead of http ... it worked ... so I changed back 
the form-login param in web.xml ... removed the redirection ... and tried again 
the same way i did with the simple login form ... and it worked ... now i have 
to ask ... did the redirection have something to do with this problem or does 
anyone know of a possible problem that can be raised when this is done? TIA,
 
Julio César



> Date: Wed, 13 Aug 2008 13:44:39 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> | The 302 sends me back to the login page ... honestly i can't totally
> | blame https ... i tested the application with https via JSSE and it
> | works (this was done in my pc)... but when i changed the application
> | to another server https became the main issue where before it wasn't
> | ... so i'm trying to find what the real problem is ... it's just that
> | the only thing different between the working and the not working
> | application is the use of https.
>
> If you moved the application to another server, is it possible that the
> login itself is actually failing, and Tomcat is reacting correctly?
>
> One of my complaints about TC's authenticator is that it tends to
> swallow errors. You might try to write a little test on the new server
> to see if you can correctly access your user database.
>
> - -chris

Re: https & j_security_check

2008-08-13 Thread Christopher Schultz


Julio,

Julio César Chaves Fernández wrote:
| The 302 sends me back to the login page ... honestly i can't totally
| blame https ... i tested the application with https via JSSE and it
| works (this was done in my pc)... but when i changed the application
| to another server https became the main issue where before it wasn't
| ... so i'm trying to find what the real problem is ... it's just that
| the only thing different between the working and the not working
| application is the use of https.

If you moved the application to another server, is it possible that the
login itself is actually failing, and Tomcat is reacting correctly?

One of my complaints about TC's authenticator is that it tends to
swallow errors. You might try to write a little test on the new server
to see if you can correctly access your user database.

- -chris



RE: https & j_security_check

2008-08-13 Thread Julio César Chaves Fernández
The 302 sends me back to the login page ... honestly i can't totally blame 
https ... i tested the application with https via JSSE and it works (this was 
done in my pc)... but when i changed the application to another server https 
became the main issue where before it wasn't ... so i'm trying to find what the 
real problem is ... it's just that the only thing different between the working 
and the not working application is the use of https.
 
Julio César



> Date: Wed, 13 Aug 2008 12:20:59 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> | No i'm working with https all the time ... when it's only over http
> | the application works ... it's just that i've been reading about
> | something related to j_security_check and that it adds port 80 to the
> | url
>
> Tomcat does not add port 80 to the URL. It uses whatever port was
> already being used.
>
> | ... so i don't know if it's related to my problem... i read this
> | in
> |
> http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html
> | ... maybe i'm wrong or i don't have the right idea ... but when i
> | saw that 302 the only thing that came to my mind was some problem
> | related to the url and the server not finding the associated
> | resources ... i'm checking if maybe that's the reason...
>
> Where does the 302 send you? Back to the login-error page? Are you sure
> that the only difference between a working configuration and a
> non-working configuration is the use of HTTPS?
>
> - -chris

Re: https & j_security_check

2008-08-13 Thread Christopher Schultz


Julio,

Julio César Chaves Fernández wrote:
| No i'm working with https all the time ... when it's only over http
| the application works ... it's just that i've been reading about
| something related to j_security_check and that it adds port 80 to the
| url

Tomcat does not add port 80 to the URL. It uses whatever port was
already being used.

| ... so i don't know if it's related to my problem... i read this
| in
|
http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html
| ... maybe i'm wrong or i don't have the right idea ... but when i
| saw that 302 the only thing that came to my mind was some problem
| related to the url and the server not finding the associated
| resources ... i'm checking if maybe that's the reason...

Where does the 302 send you? Back to the login-error page? Are you sure
that the only difference between a working configuration and a
non-working configuration is the use of HTTPS?

- -chris



RE: https & j_security_check

2008-08-13 Thread Julio César Chaves Fernández
No i'm working with https all the time ... when it's only over http the 
application works ... it's just that i've been reading about something related 
to j_security_check and that it adds port 80 to the url ... so i don't know if 
it's related to my problem... i read this in 
http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html
 ... maybe i'm wrong or i don't have the right idea ... but when i saw that 
302 the only thing that came to my mind was some problem related to the url and 
the server not finding the associated resources ... i'm checking if maybe that's 
the reason...
 
Julio César



> Date: Wed, 13 Aug 2008 11:56:19 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> | I was checking the http in my application and the server response is
> | a 302 ... what could possibly do this when using https ... could it
> | be something related to the URL ... or how could the server get
> | confused given that with http it works fine.
>
> Are you switching between HTTP and HTTPS? Some folks try to use HTTPS
> for the login and then redirect to HTTP for the rest of the application.
> That doesn't work unless the session cookie has been created from a
> non-secure URL. Otherwise the cookie itself is marked as "secure" and
> won't be sent by your browser when you switch back to HTTP. Could this
> be your problem?
>
> - -chris

Re: https & j_security_check

2008-08-13 Thread Christopher Schultz


Julio,

Julio César Chaves Fernández wrote:
| I was checking the http in my application and the server response is
| a 302 ... what could possibly do this when using https ... could it
| be something related to the URL ... or how could the server get
| confused given that with http it works fine.

Are you switching between HTTP and HTTPS? Some folks try to use HTTPS
for the login and then redirect to HTTP for the rest of the application.
That doesn't work unless the session cookie has been created from a
non-secure URL. Otherwise the cookie itself is marked as "secure" and
won't be sent by your browser when you switch back to HTTP. Could this
be your problem?

- -chris
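The cookie rule described in the reply above, as an added example that is not part of the original thread: Python's `http.cookiejar` stands in for the browser, and `container_set_cookie` is a hypothetical model of a container marking the session cookie Secure when the session is created over HTTPS. The host, paths and session id are constructed sample values.

```python
"""Model of the Secure-cookie rule behind an HTTPS login followed by HTTP pages."""
import urllib.request
from http.client import HTTPMessage
from http.cookiejar import CookieJar

HOST = "app.example.test"        # constructed host name
SESSION_ID = "0123456789ABCDEF"  # constructed session id


def container_set_cookie(scheme):
    """Set-Cookie value for a new session (hypothetical model).

    A session created on an HTTPS request gets a cookie marked Secure;
    one created on a plain HTTP request does not.
    """
    header = f"JSESSIONID={SESSION_ID}; Path=/app"
    return header + "; Secure" if scheme == "https" else header


class _Response:
    """Minimal response object: CookieJar only calls info() on it."""

    def __init__(self, set_cookie):
        self._headers = HTTPMessage()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(jar, url):
    """Return the Cookie header the client would attach to url, or None."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def session_survives(created_over, continued_over):
    """True if the cookie set on the login request is sent on the next
    request, which uses the continued_over scheme."""
    jar = CookieJar()
    login = urllib.request.Request(f"{created_over}://{HOST}/app/login.jsp")
    jar.extract_cookies(_Response(container_set_cookie(created_over)), login)
    next_url = f"{continued_over}://{HOST}/app/home.do"
    return cookie_sent(jar, next_url) == f"JSESSIONID={SESSION_ID}"


def flow_table():
    """All four scheme combinations, keyed by (created_over, continued_over)."""
    schemes = ("http", "https")
    return {(a, b): session_survives(a, b) for a in schemes for b in schemes}


if __name__ == "__main__":
    for (created, continued), kept in flow_table().items():
        verdict = "session kept" if kept else "cookie withheld, back to login page"
        print(f"created over {created:5} -> next request over {continued:5}: {verdict}")
```

Only the HTTPS-then-HTTP combination loses the session, which from the user's side looks like a correct login that lands on the login page again.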



RE: https & j_security_check

2008-08-13 Thread Julio César Chaves Fernández
Hi,
 
I was checking the http in my application and the server response is a 302 ... 
what could possibly do this when using https ... could it be something related 
to the URL ... or how could the server get confused given that with http it 
works fine.
 
TIA,
 
Julio César

RE: https & j_security_check

2008-08-09 Thread Julio César Chaves Fernández
Yes, i'm logging over https ...without https the application authenticates the 
user and then calls for an action (with struts) ... but with https the 
application returns to the login page ... it's like nothing had happened.

> Date: Sat, 9 Aug 2008 17:37:10 +0100
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio César Chaves Fernández wrote:
> > but my problem is when the user and password are right ... it doesn't
> > take me to the site but leaves me again in the login page
>
> Are you logging in over https?
>
> Mark

Re: https & j_security_check

2008-08-09 Thread Mark Thomas

Julio César Chaves Fernández wrote:

> but my problem is when the user and password are right ... it doesn't take me
> to the site but leaves me again in the login page

Are you logging in over https?

Mark






RE: https & j_security_check

2008-08-09 Thread Julio César Chaves Fernández
 
Yes, it is the way it's designed ... but my problem is when the user and 
password are right ... it doesn't take me to the site but leaves me again in 
the login page (this when I have https, without it the application works 
fine)... with the redirection to the form-error page defined in the web.xml 
file i know that it tries to authenticate the user and if it fails everything 
works how it's supposed to ... with https the authentication, although correct, 
redirects me to the login page ... so my problem is when i have https active 
... otherwise everything works perfectly.
 
Thanks again for helping.
 
Julio César



> Date: Fri, 8 Aug 2008 22:46:05 -0400
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: https & j_security_check
>
> Julio,
>
> Julio César Chaves Fernández wrote:
> | The curious thing is that when the password is
> | wrong the redirection is to the form-error page defined in the
> | web.xml file. So, I was hoping you could give me some sort of advice
> | or where could I start looking to know why it behaves like that.
>
> Perhaps I have misunderstood your question, but what you describe above
> is simply the way that form-based authentication is designed in the
> servlet specification. See section 12.5.3 of the servlet specification
> for the full story.
>
> - -chris

Re: https & j_security_check

2008-08-08 Thread Christopher Schultz


Julio,

Julio César Chaves Fernández wrote:
| The curious thing is that when the password is
| wrong the redirection is to the form-error page defined in the
| web.xml file. So, I was hoping you could give me some sort of advice
| or where could I start looking to know why it behaves like that.

Perhaps I have misunderstood your question, but what you describe above
is simply the way that form-based authentication is designed in the
servlet specification. See section 12.5.3 of the servlet specification
for the full story.

- -chris




https & j_security_check

2008-08-08 Thread Julio César Chaves Fernández



Hi, I have an issue with both https and j_security_check... i've an application 
that works fine with only authentication (j_security_check) but when I try to 
access with https the application redirects the browser to the form-login page 
that is set in the web.xml file. The curious thing is that when the password is 
wrong the redirection is to the form-error page defined in the web.xml file. 
So, I was hoping you could give me some sort of advice or where could I start 
looking to know why it behaves like that. Thanks for reading.

Sincerely,

Julio César Chaves