Thanks for your reply Chris.

At first I did try to limit using "address" attribute, but later I removed
it.  The config snippets I have shown are complete.  You are right, the
exception is coming from the web service call.

My concern is that because I have this <security-constraint> which makes any
url pattern "CONFIDENTIAL", that it's causing the web service call to be
redirected as well.  And it's very frustrating why the following config is
NOT working (where I specify that urls starting with axis2 should be
ignored), and ws calls STILL get redirected:

<security-constraint>
        <web-resource-collection>
                <url-pattern>/axis2/*</url-pattern>
                <url-pattern>/axis2/rest/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
</security-constraint>
Any ideas?  Thanks.

-h
On Tue, Mar 10, 2009 at 9:07 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Hisham,
>
> On 3/6/2009 6:21 AM, Hisham wrote:
> >                <url-pattern>/*</url-pattern>
> >               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>
> Good.
>
> > <Connector port="80" redirectPort="443" />
> > <Connector port="443" scheme="https" secure="true"
> >                clientAuth="false" sslProtocol="TLS"
> > keystoreFile="conf/keystore.jks"
> >                keystorePass="xyz" maxPostSize="15728640" />
>
> Good.
>
> > I have created the certificates, etc. and it works fine and if I type
> > http://localhost I am redirected to https://localhost and the login page is
> > shown.
>
> Good.
>
> > But, during login, I am making a web service call.  These web
> > services are deployed on the same Tomcat and are accessed via
> > http://localhost/axis2/rest...
> >
> > When I try to login I am getting an exception:
> >
> > java.net.ConnectException: Connection refused
> >         at java.net.PlainSocketImpl.socketConnect(Native Method)
> >         at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
>
> Presumably this happens to the web service call, not to your
> application, right? Your stack trace didn't include enough to show where
> your code comes in.
>
> "Connection Refused" indicates that you can't reach the correct service.
> Since you're connecting to localhost you're unlikely to be having
> firewall issues (though such access /could/ be blocked). My guess is
> that you've bound your <Connector> to a specific IP address using the
> "address" attribute. Did you post your entire server.xml file, or just
> the "relevant" parts? You might want to re-post with all the details.
>
> > So I figured that the web service call is also being accessed via SSL and
> > that is not supported by the caller.  Anyway to get around this I have
> > tried a NUMBER of things:
> >
> > 1. I added a second security-constraint in web.xml with url pattern as
> > /axis2/* which has transport-guarantee as NONE.
> > 2. I added a 2nd <service> to my server.xml that has the web services
> > deployed on a different port.
> > 3. And a whole lot of other things that were useless :(
> >
> > Is it even possible to do this, going from https -> http (they are 2
> > separate applications mind you)?  Does anyone have any suggestions on how to
> > fix this?  This is driving me nuts!  Thanks!
>
> If you get the same error (connection refused) no matter what you try,
> then my conclusion is that you'd bound your <Connector> to a specific
> address. That means that you can't make a connection to localhost:80
> because nobody is listening.
>
> -chris
>
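
A check that separates the two explanations discussed in this thread (nothing listening on the port, versus the request being redirected to https by the CONFIDENTIAL constraint), as an added example that is not part of the original messages. The function name `probe`, the result labels and the sample paths `/` and `/axis2/rest/` are assumptions for illustration.

```python
import http.client

REDIRECT_CODES = (301, 302, 303, 307, 308)


def probe(host, port, path, timeout=3.0):
    """Send one plain-HTTP GET and classify what came back.

    Returns a (label, detail) tuple:
      ("refused", None)                 - nothing accepted the TCP connection
      ("redirected-to-https", location) - server answered with a redirect to https
      ("served-over-http", status)      - server answered without forcing https
      ("error", message)                - any other network failure
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
    except ConnectionRefusedError:
        # Same condition as the java.net.ConnectException in the stack trace:
        # no listener on this address/port, so no constraint was ever evaluated.
        return ("refused", None)
    except OSError as exc:
        return ("error", str(exc))
    finally:
        conn.close()

    location = resp.getheader("Location", "")
    if resp.status in REDIRECT_CODES and location.lower().startswith("https://"):
        return ("redirected-to-https", location)
    return ("served-over-http", str(resp.status))


if __name__ == "__main__":
    # Port 80 is the non-SSL <Connector> from the quoted server.xml.
    for path in ("/", "/axis2/rest/"):
        for host in ("localhost", "127.0.0.1"):
            print(host, path, probe(host, 80, path))
```

A "refused" result means the request never reached Tomcat, so no `<security-constraint>` could have affected it; a "redirected-to-https" result means the connector is reachable and the constraint matched the path.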
