Hi Mark, Thanks for your response on that. I tested both methods, and still no joy. It is as if IE can't find the main class. I should have put the complete error that I am seeing - it reads "Internet Explorer cannot download main from localhost"," Requested site unavailable". Have used FIDDLER HTTP browser to look at the URL which it is requesting looks ok (i.e. HTTPS://localhost:8080/marketops/main). When configured for HTTP only, the URL is the same (minus the (S) on HTTP) and it all works ok. Nothing logged in HTTP logs. Thought that it may be related to the JWS not being able to find a CERT/keystore?
Again - Thanks for your time. Rupert. -----Original Message----- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: 11 April 2008 15:01 To: Tomcat Users List Subject: Re: Apache Tomcat role authorisation against AD2003 Rupert Whitefield wrote: > So moved onto my next problem, which is why when securing the URL via > HTTPS, everything works great , but IE can no longer 'find' the Java > Web Start application..... And it worked on same port with HTTP. Sigh. > Looking into it. This sounds like the caching problem in IE. Caching has to be disabled because of the <insert your favourite expletive here> stupid way IE handles downloads. It downloads them to a temporary location and then opens them in the specified application or copies them to where the user specified. IE treats this temporary location as a cache. The problem is that secure content is marked as non-cacheable so IE obeys this instruction and deletes it from the temporary location as soon as the download finishes. This means when the app tries to open the file it isn't there. The two options to fix this are: 1. disableProxyCaching="false" Disables all caching. I have concerns about this. As long as there are no proxies / web caches on the network you should be fine. If there is a proxy / cache then you may well hit issues with people being able to access content they shouldn't. 2. securePagesWithPragma="false" This only allows caching if the cache is private to the user (as it is with the IE download 'cache'). This should work and does not present any issues with web proxies / caches as long as they obey the 'don't put this in a shared cache' headers (which any off the shelf cache should). Either of these options can be set on the authenticator. Eg: <Context> <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" disableProxyCaching="false" /> </Context> Hope this helps, Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Group plc group of companies. Detica Limited is registered in England under No: 1337451. Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]