No SSL - works, with SSL -doesn't. HELP Please
Hi, Guys! I've got a very simple application, which I'm trying to run on JBoss-2.4.4_Tomcat-4.0.1 (with JBoss-2.4.1_Tomcat-3.2.3 it works just fine with no changes).
So, if I run it with NO SSL configured, it works OK, but if I try to run it with SSL it shows me 403 error page just after authentication. I can't imagine, what could be the problem. I spent lot of time cracking it. Please pay some attention to it.
So, the structure is (file is: ecommerce.war)
| (file) 403.jsp
| (file) login.jsp
| (file) login_error.jsp
|
+---employer
| (file) index.jsp
|
\---WEB-INF
(file) jboss-web.xml
(file) web.xml
===403.jsp===
Error 403 - test
===403.jsp===
===login.jsp===
Login: - test
username
password
===login.jsp===
===login_error.jsp===
Login error - test
===login_error.jsp===
===employer - index.jsp===
EMPLOYER
===employer - index.jsp===
===WEB-INF - jboss-web.xml===
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/ecommerce</security-domain>
</jboss-web>
===WEB-INF - jboss-web.xml===
===WEB-INF - web.xml===
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>ecommerce</display-name>
<error-page>
<error-code>403</error-code>
/403.jsp
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/employer/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>employer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ecommerce</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
===WEB-INF - web.xml===
=== jboss.jcml SSL configuration ===
org.jboss.security.plugins.JaasSecurityManager
file:/C:/JBoss-2.4.4_Tomcat-4.0.1/catalina/.keystore
password
80
443
=== jboss.jcml SSL configuration ===
=== portion of auth.conf ===
// The default server login module
ecommerce {
// A simple server login module, which can be used when the number
// of users is relatively small. It uses two properties files:
// users.properties, which holds users (key) and their password (value).
// roles.properties, which holds users (key) and a comma-separated list of their roles (value).
// The unauthenticatedIdentity property defines the name of the principal
// that will be used when a null username and password are presented as is
// the case for an unuathenticated web client or MDB. If you want to
// allow such users to be authenticated add the property, e.g.,
// unauthenticatedIdentity="nobody"
org.jboss.security.auth.spi.UsersRolesLoginModule required
;
};
=== portion of auth.conf ===
So, I'm trying to access it as follows:
https://localhost/ecommerce/employer/index.jsp
it displays the login screen, and after I enter the right name and password, it displays my 403 error page. If I do the same with no SSL (in configuration of jboss/catalina with SSL switched off), it displays employer.jsp page after loggin in.
Let me repeat, Jboss/Tomcat 3 works just fine with and without SSL.
Please, any ideas!!!