Hi,

To secure some pages as suggested in 
http://wiki.dspace.org/index.php/ServletSecurity

I tried to implement the code:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Pages requiring HTTPS</web-resource-name>
      <url-pattern>/profile</url-pattern>
      <url-pattern>/register</url-pattern>
      <url-pattern>/password-login</url-pattern>
      <url-pattern>/ldap-login</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

into [dspace]/jspui/WEB-INF/web.xml and found that when I click on My 
DSpace (which will usually bring up a password-login page), DSpace tries 
to bring up that page via 
https://localhost:7443/jspui/password-login
which does not work on the system.  Actually, I have already set the 
system up to run through Apache's mod_proxy, as I still could not 
configure Tomcat to bring up SSLEngine...

Is there any other solution?

Please also note that using XMLUI does work when 'xmlui.force.ssl = true' 
is turned on: DSpace brings up the https page on the normal port (as 
configured by mod_proxy).  After logging in, however, DSpace does not 
switch back to http; it continues to use https for subsequent pages.  Is 
there a solution to this too?

-- 
Panyarak Ngamsritragul
Prince of Songkla University.
