-
1. Re: SSL in JBoss
awaisbajwa Oct 20, 2005 5:23 AM (in response to awaisbajwa)I am using JBoss 3.2.3 and hence Tomcat 4
-
2. Re: SSL in JBoss
awaisbajwa Oct 22, 2005 2:12 AM (in response to awaisbajwa)Any JBoss guru can answer this question ?
it has become a bottle neck and i believe it is a tiny issue.
regards -
-
4. Re: SSL in JBoss
awaisbajwa Oct 24, 2005 1:17 AM (in response to awaisbajwa)Hi Scott,
Thanks for your reply, but you didnt understand my probelm. And there is no fruit in the link you sent me, as I've already completed steps iin the link suggested by you.
Once again:
I have installed SSl certificate successfully as provided in the wiki's link above. Now my site is working fine using HTTPS:
My requirement:
I have given my client the URL http://abc.com after implementing SSL I have https://abc.com. Now I cannot give Https://abc.com to my client.
At the same time I dont want http: access to my web site other then the login Page. To achieve that I have to disable 80 port to and allow 443 port to restrict Http and to allow only https.
So what should I do, so that whenever client types http://abc.com the page automatically redirects to https://abc.com, keep in mind I dont want Http:// access to my site other then the login page.
Regards
Awais Bajwa -
5. Re: SSL in JBoss
afedoren Oct 24, 2005 3:00 AM (in response to awaisbajwa)The best idea is to use Apache in front of Tomcat.
The advantages :
- ability to use just one SSL certificate to handle multiple sites ( apps )
using mod_proxy module
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
- ability to rewrite URLs in any way to archieve desired behaviour
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
for example, it is easy to rewrite your login page to use http://
always :
Example :
1) this forces to rewrite any URL with /login.jsp page to http://
RewriteEngine on
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/login.jsp http://your.site.com/login.jsp [L,R]
2) this forces to rewrite any URL with /secure/* page to https://
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/secure/(.*)$ https://your.site.com/secure/$1 [L,R] -
6. Re: SSL in JBoss
awaisbajwa Oct 24, 2005 4:34 AM (in response to awaisbajwa)it is great information if I use Apache.. thanks ....
But please tell me, do I need to use Apache or Jboss's tomcat server would be sufficient? ..
In case of Jboss, how can I achieve snme behaviour ?
Thanks for understanding my problem ..
looking forward..
Awais Bajwa -
7. Re: SSL in JBoss
afedoren Oct 24, 2005 5:24 AM (in response to awaisbajwa)
About tomcat, I think, you should check current schema
( http or https ) and forward to some start page with desired schema .
Maybe you can use filters for it.
Use separate filter for login page that checks about http only.
About other pages, use filter that accepts only https.
In the case if schema does not match, forward/redirect to another location or
show error/reminder/advise or somewhatsoever.
The advantage of filters is that you can turn 'em on/off just to archieve
desired behaviour.