Gregor, thanks for this. With a little tweaking I think this will work very well for me.
Everybody:

Gregor suggested this as a "starting point". I see that the new "conf.properties" file refers to a "/home/lenya/.keystore" file. This is where you would put the public key of the web server you're connecting to (or the root certificate???).

Rather than expecting every developer using SSL to customize this, maybe the keystore file should be located in a more standard place by default, and the property setting its location should perhaps be somewhere higher up like WEB-INF/web.xml. We might want to put the keystore in Java's default location, <java-home>/lib/security/cacerts, or maybe we should disable certificate validation entirely for these internal HTTPS connections per http://forum.java.sun.com/thread.jspa?threadID=660461&tstart=90.

The code for LDAP authentication (org/apache/lenya/ac/ldap/LDAPUser.java), when using SSL to connect to the LDAP server, also uses a keystore, this time in "config/ac/passwd/.keystore" by default. So I would think a unified place for these keys would make a lot of sense. Your opinions?

This is for 1.2.4. I don't know whether 1.4 handles keystores in a more unified fashion.

Related reference: http://wiki.apache.org/cocoon/HTTPsSources

Also, it looks like this new Configuration.java is mostly a duplicate of org/apache/lenya/net/Configuration.java; maybe some refactoring is needed.

On 11/12/05, Michael Wechner <[EMAIL PROTECTED]> wrote:
> Gregor Imboden wrote:
>
> >Hello,
> >
> >I submitted a patch that deals with the https problem a while ago,
> >it could be a good starting point.
> >
> >http://issues.apache.org/bugzilla/show_bug.cgi?id=36244
> >
>
> I have applied it. Please give it a try as well.
>
> Thanks very much for this contribution.
>
> Michi
>
> >HTH
> >
> >Gregor
> >
> >On Fri, 11 Nov 2005 11:53:10 +0100
> >Michael Wechner <[EMAIL PROTECTED]> wrote:
> >
> >>Bob Harner wrote:
> >>
> >>>On 11/10/05, Michael Wechner <[EMAIL PROTECTED]> wrote:
> >>>
> >>>>Bob Harner wrote:
> >>>>
> >>>>>ProxyGenerator.java from Lenya 1.2_X (both released & svn versions)
> >>>>>has this code at line 203:
> >>>>>
> >>>>>    try {
> >>>>>        url = new URL(this.source);
> >>>>>        log.debug(".createURL(): " + url);
> >>>>>    } catch (MalformedURLException e) {
> >>>>>        url = new URL("http://" + request.getServerName() + ":" + request.getServerPort() + this.source);
> >>>>>        log.debug(".createURL(): Add localhost and port: " + url);
> >>>>>    } ;
> >>>>>
> >>>>>Shouldn't that hard-coded http:// be request.getScheme()
> >>>>>instead?
> >>>>>
> >>>>>When I turn on debugging I get this in log4j.log:
> >>>>>
> >>>>>127708 2005-11-10 16:01:30,860 [ExecuteThread: '23' for queue:
> >>>>>'weblogic.kernel.Default'] DEBUG
> >>>>>org.apache.lenya.cms.cocoon.generation.ProxyGenerator.createURL():205
> >>>>>- .createURL(): Add localhost and port:
> >>>>>http://www.mycompany.com:443/lenya/servlet/QuartzSchedulerServlet
> >>>>>
> >>>>>I have Lenya 1.2.4 running under WebLogic behind a Sun web server
> >>>>>using WebLogic's plugin, a common WebLogic configuration. The web
> >>>>>server is running SSL, but WebLogic is not. Most of Lenya works fine,
> >>>>>except that when I publish a document an HTTP connection is made back
> >>>>>to the web server (why? I don't know) to a URL like this:
> >>>>>
> >>>>>  http://www.mycompany.com:443/lenya/servlet/QuartzSchedulerServlet
> >>>>>
> >>>>>The 443 makes sense. But the http:// part doesn't. The connection
> >>>>>fails because the web server is expecting an HTTPS connection to 443,
> >>>>>not HTTP.
> >>>>>
> >>>>>So I have 3 questions:
> >>>>>
> >>>>>1) Is ProxyGenerator.java wrong?
> >>>>>
> >>>>yes, I think you are right. Would you like to submit a patch ;-)
> >>>>
> >>>Sure, I'll submit a bug and a patch, though probably not until Monday
> >>>or Tuesday. But I don't think this is the whole problem, because when
> >>>I hard-code it to https I'm still getting an http connection back to
> >>>the server (I think). Hard to be sure. But it still fails in
> >>>apparently the same way. I need to dig deeper, I guess.
> >>>
> >>cool, thanks
> >>
> >>>>>2) Why does the publication process need to make an HTTP(S) connection
> >>>>>to the web server at all?
> >>>>>
> >>>>within src/webapp/lenya/usecase.xmap one has
> >>>>
> >>>><!-- Publish -->
> >>>>    <map:match pattern="publish" type="usecase">
> >>>>
> >>>>      <map:match pattern="showscreen" type="step">
> >>>>        <map:generate type="serverpages" src="{fallback:content/publishing/screen.xsp}"/>
> >>>>        <map:transform src="{fallback:xslt/publishing/publish-screen.xsl}">
> >>>>          <map:parameter name="use-request-parameters" value="true"/>
> >>>>        </map:transform>
> >>>>        <map:transform src="cocoon:/notification/{../../1}/publish.xsl"/>
> >>>>        <!-- This transformer can cause trouble with WebLogic Server on AIX -->
> >>>>        <map:transform src="cocoon://scheduler/{../../1}/{page-envelope:area}/{../../3}.xsl"/>
> >>>>        <map:call resource="style-cms-page"/>
> >>>>      </map:match>
> >>>>
> >>>>which means the scheduler is being called to show possible scheduled jobs
> >>>>for this specific document.
> >>>>
> >>>Okay, I think I'm beginning to get it. The scheduler is another
> >>>servlet, right?
> >>>
> >>right.
> >>
> >>>Is there any documentation on Lenya's whole scheduler
> >>>process?
> >>>
> >>IIRC there was a section on the scheduler (mostly written by Andreas),
> >>but I can only find:
> >>
> >>http://lenya.apache.org/1_2_x/components/tasks/scheduling.html
> >>
> >>>>>Why can't it just move the files from the
> >>>>>authoring to the live directory and be done?
> >>>>>
> >>>>see above
> >>>>
> >>>>>3) Is there a way to control the scheme/protocol used for this
> >>>>>connection back to the web server?
> >>>>>
> >>>>what do you mean? Can you explain a bit more?
> >>>>
> >>>Per my answer to your answer to question 1 above, this bit of code
> >>>doesn't seem to be the whole answer to the question of where the
> >>>scheme is set for the http(s) connection back to the web server.
> >>>Again, I'll have to dig deeper in the code to understand it. If
> >>>anybody has any references to documentation on how the scheduler works
> >>>I'd sure appreciate it.
> >>>
> >>Andreas do you remember re Scheduler?
> >>
> >>Michi
> >>
> >>>>Thanks
> >>>>
> >>>>Michi
> >>>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
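
The scheme question raised in the thread, as an added example that is not part of the original messages or of Lenya's code: the relative source is resolved with the request's own scheme instead of a hard-coded `http://`. The class name, `resolve` and `plainHttpToTlsPort` are hypothetical, and the scheme, host and port are passed in as plain arguments standing in for the servlet request.

```java
import java.net.MalformedURLException;
import java.net.URL;

public class SchemeAwareUrl {

    /**
     * Resolve a generator source to an absolute URL. scheme, serverName and
     * serverPort stand in for request.getScheme(), request.getServerName()
     * and request.getServerPort(), so the class runs without a servlet container.
     */
    static URL resolve(String source, String scheme, String serverName, int serverPort)
            throws MalformedURLException {
        try {
            return new URL(source); // source is already absolute
        } catch (MalformedURLException relative) {
            // no scheme in source: build the URL from the request, as createURL() does
        }
        if (!"http".equals(scheme) && !"https".equals(scheme)) {
            throw new MalformedURLException("unexpected request scheme: " + scheme);
        }
        URL url = new URL(scheme, serverName, serverPort, source);
        // Leave out :80 for http and :443 for https (-1 means "default port").
        return serverPort == url.getDefaultPort()
                ? new URL(scheme, serverName, -1, source)
                : url;
    }

    /** True for the combination seen in the quoted log line: plain http aimed at port 443. */
    static boolean plainHttpToTlsPort(URL url) {
        return "http".equals(url.getProtocol()) && url.getPort() == 443;
    }

    public static void main(String[] args) throws MalformedURLException {
        // Constructed inputs matching the host, port and path in the quoted log line.
        String source = "/lenya/servlet/QuartzSchedulerServlet";
        URL hardCoded = new URL("http://" + "www.mycompany.com" + ":" + 443 + source);
        URL fromRequest = resolve(source, "https", "www.mycompany.com", 443);

        System.out.println(hardCoded + "  mismatch=" + plainHttpToTlsPort(hardCoded));
        System.out.println(fromRequest + "  mismatch=" + plainHttpToTlsPort(fromRequest));
    }
}
```

`request.getScheme()` reports the scheme of the connection the servlet container itself received, so behind a web server that terminates SSL it is `https` only if the front end passes the original scheme on to the container.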
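
The keystore question from the top message, as an added example that is not Lenya's code: trust anchors are read from one configured location, falling back to `<java-home>/lib/security/cacerts`, and the HTTPS connection is validated against that store. The two property names and the class are hypothetical, and `KeyStore.getInstance(File, char[])` requires Java 9 or later.

```java
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class UnifiedTrustStore {
    // Hypothetical property names, not Lenya settings.
    static final String LOCATION = "example.truststore";
    static final String PASSWORD = "example.truststore.password";

    /** One configured location, else the JRE default <java-home>/lib/security/cacerts. */
    static File location() {
        String configured = System.getProperty(LOCATION);
        return configured != null
                ? new File(configured)
                : new File(System.getProperty("java.home"), "lib/security/cacerts");
    }

    static KeyStore load(File file) throws GeneralSecurityException, IOException {
        String password = System.getProperty(PASSWORD);
        // Detects the store type (JKS or PKCS12) from the file itself.
        return KeyStore.getInstance(file, password == null ? null : password.toCharArray());
    }

    /** TLS context that trusts only the certificates in the given store. */
    static SSLContext contextFor(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /** Opens (without connecting yet) an HTTPS connection validated against that store. */
    static HttpsURLConnection open(URL url, SSLContext context) throws IOException {
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setSSLSocketFactory(context.getSocketFactory());
        return connection;
    }

    public static void main(String[] args) throws Exception {
        KeyStore trustStore = load(location());
        contextFor(trustStore);
        System.out.println(trustStore.size() + " trust anchors loaded from " + location());
    }
}
```

With no password property set, a JKS file is loaded without its integrity check, so set the password when the store lives somewhere other users can write to.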
