JBOSS 3.2.3 and SSL (mixing http and https request)

jcorbin4607 Mar 17, 2004 3:34 PM

Hello,

I have successfully setup and configured my JBOSS 3.2.3 installation to use SSL. My installation uses the TomCat webserver.

The initial access into my site uses https and it seems that even purposefully non-secure URL's (http) get treated as secure.

I am fairly new to configuring SSL on JBOSS but I would have imagined that I could mix HTTP and HTTPS URLs on my site and they would be handled accordingly.

Am I missing something?

J.D.

1. Re: JBOSS 3.2.3 and SSL (mixing http and https request)

jcorbin4607 Mar 17, 2004 4:00 PM (in response to jcorbin4607)

I think I found the answer to my question.

The secure URL I was testing against was being dynamically built from the HttpSerlvetRequest and I simply changed the http to https without changing the URL to point to the secure port. The URL was pulling the port from the request in this manner.

....request.getServerPort()...

well, initially the site was accessed through the non-secure port (8080) so this was the value getting plugged into the URL...net effect is an invalid URL.

https://somesite:8080/...

when in fact the port should have been 8443 as in,

https://somesite:8443/...

J.D.
Actions