Welcome to the land of Internet Explorer. I bet you use Internet Explorer, don't you? Try Mozilla/Opera and you will see that I works fine. Some people didn't trust me yet that this problem you describe is a bug...
Follow these links to find out more: http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg74000.html http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg74194.html http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73632.html Your after-timeout url with https:/host:8080 confirms me in my opinion that IE only changes the protocol from http to https instead of changing the port numbers, too. Don't know if it has something to do with the sessionids, too. That's the reason why the workaround works. If you change Tomcat to protocol standard ports 80/443 you will see that your problem disappears because the port numbers won't matter when changing the url for the ssl redirection. You may consider adding your experiences to the bug database. Maybe something could be done from Tomcat side, too: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 (Especially the issue after timing out is new and confirms the IE problem, but it might have something to do with the session, too...) mech > -----Original Message----- > From: Shatzer, Larry [mailto:[EMAIL PROTECTED]] > Sent: Freitag, 22. November 2002 02:51 > To: '[EMAIL PROTECTED]' > Subject: SSL, redirectPort, and transport-guarantee, oh my! > > > I'm trying to set up redirection to SSL. Below are the > appropriate sections of web.xml and server.xml > > When I go to https://localhost:8443/app, I get directed to my > login page, with the addition of a jsessionid to the url. > > If I go to http://localhost:8080/app, it warns me I am going > to a secure page (I have this turned on to know when I am > going in and out of ssl). > > I then get the security alert about the SSL certificate, I > click YES to proceed, it sits there for a while. In my status > bar, I see it's trying to connect to 127.0.0.1, which is no > big deal, since it's localhost. > > When it eventually times out, my url is now > https://localhost:8080/app/security/login/jsp/login.jsp;jesssi > onid=sessionid > here > > Now, if I change it back to http in the url, and leave the > rest, (mainly the jsessionid), it will redirect fine. > > I am running Tomcat 4.0.6. > > Also, ran across this in the archives: > http://archives.apache.org/eyebrowse/ReadMsg?listName=tomcat-u > [EMAIL PROTECTED] > ache.org&msgId=285554 which had no answer that I could find. > His situation seems close to mine, expect the fact, if I > remove auth-constraint, it breaks the application. > > Any thoughts or help on this would be appreciated. > > > web.xml section: > > <security-constraint> > <web-resource-collection> > <web-resource-name>All Struts Actions</web-resource-name> > <url-pattern>*.do</url-pattern> > <url-pattern>*.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <description>Must at least have access to the USER role > to gain access</description> > <role-name>User</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <!-- Use a custom form for web container authentication --> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/security/logon/jsp/logon.jsp</form-login-page> > > <form-error-page>/security/logon/jsp/logonFailed.jsp</form-error-page> > </form-login-config> > </login-config> > > server.xml section: > > <Connector > className = > "org.apache.catalina.connector.http.HttpConnector" > port = "8080" > scheme = "http" > secure = "false" > minProcessors = "5" > maxProcessors = "75" > enableLookups = "true" > acceptCount = "10" > debug = "0" > connectionTimeout = "60000" > redirectPort = "8443" > /> > <Connector > className = > "org.apache.catalina.connector.http.HttpConnector" > port = "8443" > scheme = "https" > secure = "true" > minProcessors = "5" > maxProcessors = "75" > enableLookups = "true" > acceptCount = "10" > debug = "0" > connectionTimeout = "60000" > > > <Factory > className = > "org.apache.catalina.net.SSLServerSocketFactory" > clientAuth = "false" > protocol = "TLS" > keystoreFile = "keystore.jks" > keystorePass = "password" > /> > </Connector> > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
