2 Replies Latest reply on Jan 31, 2002 7:23 AM by vadimp

    No SSL - works, with SSL -doesn't. HELP Please

    vadimp Newbie

      Hi, Guys! I've got a very simple application, which I'm trying to run on JBoss-2.4.4_Tomcat-4.0.1 (with JBoss-2.4.1_Tomcat-3.2.3 it works just fine with no changes).

      So, if I run it with NO SSL configured, it works OK, but if I try to run it with SSL it shows me 403 error page just after authentication. I can't imagine, what could be the problem. I spent lot of time cracking it. Please pay some attention to it.

      So, the structure is (file is: ecommerce.war)

      | (file) 403.jsp
      | (file) login.jsp
      | (file) login_error.jsp
      |
      +---employer
      | (file) index.jsp
      |
      \---WEB-INF
      (file) jboss-web.xml
      (file) web.xml

      ===403.jsp===


      Error 403 - test


      ===403.jsp===

      ===login.jsp===


      Login: - test

      username
      password





      ===login.jsp===

      ===login_error.jsp===


      Login error - test


      ===login_error.jsp===

      ===employer - index.jsp===


      EMPLOYER


      ===employer - index.jsp===

      ===WEB-INF - jboss-web.xml===
      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>java:/jaas/ecommerce</security-domain>
      </jboss-web>
      ===WEB-INF - jboss-web.xml===

      ===WEB-INF - web.xml===
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
      <display-name>ecommerce</display-name>

      <error-page>
      <error-code>403</error-code>
      /403.jsp
      </error-page>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/employer/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <auth-constraint>
      <role-name>employer</role-name>
      </auth-constraint>

      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>ecommerce</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login_error.jsp</form-error-page>
      </form-login-config>
      </login-config>
      </web-app>
      ===WEB-INF - web.xml===

      === jboss.jcml SSL configuration ===

      org.jboss.security.plugins.JaasSecurityManager







      file:/C:/JBoss-2.4.4_Tomcat-4.0.1/catalina/.keystore
      password




      80
      443










      === jboss.jcml SSL configuration ===

      === portion of auth.conf ===
      // The default server login module
      ecommerce {
      // A simple server login module, which can be used when the number
      // of users is relatively small. It uses two properties files:
      // users.properties, which holds users (key) and their password (value).
      // roles.properties, which holds users (key) and a comma-separated list of their roles (value).
      // The unauthenticatedIdentity property defines the name of the principal
      // that will be used when a null username and password are presented as is
      // the case for an unuathenticated web client or MDB. If you want to
      // allow such users to be authenticated add the property, e.g.,
      // unauthenticatedIdentity="nobody"
      org.jboss.security.auth.spi.UsersRolesLoginModule required
      ;
      };
      === portion of auth.conf ===

      So, I'm trying to access it as follows:
      https://localhost/ecommerce/employer/index.jsp
      it displays the login screen, and after I enter the right name and password, it displays my 403 error page. If I do the same with no SSL (in configuration of jboss/catalina with SSL switched off), it displays employer.jsp page after loggin in.
      Let me repeat, Jboss/Tomcat 3 works just fine with and without SSL.

      Please, any ideas!!!