1. Re: SSL Redirection with Bundle
coetmeur Jan 25, 2002 12:00 PM (in response to tclouser)
I've tried to solve your kind of problem,
ie to have an HTTP catalina connector that
automatically redirects to an HTTPS
catalina connector, whenever the
web-app/security-constraint/user-data-constraint/transport-guarantee
is set to CONFIDENTIAL or INTEGRAL
I have patched catalina MBean so that it supports
a redirectPort parameter...
I have 2 similar pairs of HTTP/HTTPS connectors,
the first pair associates the usual HTTP
connector, configured as usual, with a redirectport
to a connector configured in a "Config" XML attribute...
the second pair of connectors is configured purely
in the Config XML attribute, the HTTP connector pointing
to the HTTPS connector
each of the 4 connectors works perfectly,
except that the redirection HTTP->HTTPS
when transport-guarantee is CONFIDENTIAL
does not work at all...
I'm investigating further,
but I'm afraid this is a catalina problem...
maybe something about the "Embedded" class
which is not used by default on standalone tomcat4...
my jboss.jcml contains:
<!-- Embedded Tomcat 4.x - JBossSX SecurityDomain (JaasSecurityDomain) -->
../conf/tomcat.jks
changeit
<!-- Uncomment to add embedded catalina service -->
80
http
443
999
my web.xml contains
<web-app>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>Login_utilisateur.jsp</welcome-file>
</welcome-file-list>
<!-- MUST be placed before the ejb-ref entries... the order matters !!! -->
<security-constraint>
<web-resource-collection>
<web-resource-name>protected-lilafinance</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
...
2. Re: SSL Redirection with Bundle
tclouser Jan 25, 2002 1:30 PM (in response to tclouser)
The answer...
you have to configure the support of HTTPS URL...
ie add to jboss.properties the line:
#JSSE https URL support
java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
A big thanks to Alain Coetmeur for nailing this one.
TC
3. Re: SSL Redirection with Bundle
bchi49 Jan 26, 2002 2:32 AM (in response to tclouser)
The redirect from non-secured port 8080 to secured port 8443 does not work. I got this exception:
[INFO,EmbeddedCatalinaServiceSX] StandardHost[localhost]: MAPPING configuration error for request URI
[ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
java.lang.NullPointerException
at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:280)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
4. Re: SSL Redirection with Bundle
coetmeur Jan 28, 2002 6:08 AM (in response to tclouser)
BINGO, it works !!!!
the solution seems strange, but setting
catalina to debuglevel=2 helped much...
the problem was that the https URLs
were not supported by the URL class ...
the solution is written in the JSSE doc:
just add this to jboss.properties
or add the equivalent
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
option
#JSSE
#https URL support
java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
By the way, note that, as usual, a space at the end of a line
in a property file is important...
it has caused me problems 3 times and I've lost hours on such subtleties...
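Added example, not part of the original thread or of JBoss: a small check for the trailing-space pitfall mentioned in the post above. java.util.Properties keeps trailing whitespace as part of a value, so the script flags such values and reports when java.protocol.handler.pkgs is not set. The function names and the sample text are constructed for illustration, and only single-line entries are handled (no backslash continuations).

```python
import re

HANDLER_KEY = "java.protocol.handler.pkgs"

# Simplified java.util.Properties rules for single-line entries: the key ends
# at the first '=', ':' or whitespace; leading whitespace of the value is
# dropped; trailing whitespace is KEPT as part of the value.
_ENTRY = re.compile(r"^[ \t\f]*([^=: \t\f]+)[ \t\f]*[=:]?[ \t\f]*(.*)$")


def parse_properties(text):
    """Return [(line_no, key, raw_value)] for every single-line entry."""
    entries = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        line = line.rstrip("\r")
        stripped = line.lstrip(" \t\f")
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        match = _ENTRY.match(line)
        if match:
            entries.append((line_no, match.group(1), match.group(2)))
    return entries


def audit(text):
    """Flag values ending in whitespace and a missing HTTPS handler property."""
    findings = []
    entries = parse_properties(text)
    for line_no, key, value in entries:
        if value != value.rstrip():
            findings.append((line_no, key, "trailing whitespace in value"))
    if HANDLER_KEY not in [key for _, key, _ in entries]:
        # Line 0 means "not tied to a line": the key is absent from the file.
        findings.append((0, HANDLER_KEY, "property not set"))
    return findings


# Constructed sample input: line 3 ends with one space after "protocol".
SAMPLE = (
    "#JSSE\n"
    "#https URL support\n"
    "java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol \n"
)

if __name__ == "__main__":
    for line_no, key, issue in audit(SAMPLE):
        print(f"line {line_no}: {key}: {issue}")
```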
5. Re: SSL Redirection with Bundle
coetmeur Jan 28, 2002 6:41 AM (in response to tclouser)
I don't figure out what the problem is but, as it works for
me this can be a minor error...
JSSE installation is not trivial:
- one has to add the JSSE provider
in jre/lib/security/java.security
I have this in mine... (jsse and jce)
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.rsajca.Provider
#added for jsse
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
#added for jce
security.provider.4=com.sun.crypto.provider.SunJCE
- the other problem is the one I've cited
earlier (the HTTPS URL handler to configure),
but I think you have used the trick...
however the message I see seems to accuse
the web.xml (or application.xml in a .ear)
deployment file...
try to put jboss in debug mode,
this triggers the catalina debugLevel#2
which will give you much more info...
note that I've also added a patch to control
catalina debuglevel from the jboss.jcml...
I should publish my changes soon...
hope this helps
>The redirect from non-secured port 8080
> to secured port 8443 does not work. I got this exception:
>[INFO,EmbeddedCatalinaServiceSX] StandardHost[localhost]: MAPPING configuration error for request URI
>[ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
>java.lang.NullPointerException
>at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:280)
6. Re: SSL Redirection with Bundle
bchi49 Jan 28, 2002 11:28 AM (in response to tclouser)
Actually it works for me for redirecting from port 8080 to 8443 if I type in the default login page configured in the web.xml on the URL, e.g. if I type URL "http://localhost:8080/secured/login.jsp" it'll redirect to "https://localhost:8443/secured/login.jsp", but if I type in only "http://localhost:8080/secured/" then the server throws that null pointer exception. But if I were to use the default ports such as 80 and 443 then both cases work fine.
7. Re: SSL Redirection with Bundle
statei Feb 7, 2002 8:14 AM (in response to tclouser)
bchi49,
Check this one, it might help you
http://main.jboss.org/thread.jsp?forum=49&thread=7762
Iulian