0 Replies Latest reply on Aug 8, 2002 11:30 PM by Quan

    SSL Redirection Promblem

    Quan Newbie

      Hi,

      My problem is that I can't redirect back to HTTP from HTTPS. I've configured successfully JBoss2.4.4-Tomcat4.0.1 to open two ports 80 and 443 for HTTP and HTTPS respectively. Specifically, I have generated a keystore and have the following in my jboss.jcml





      keystore
      changeit


      ...


      80
      443










      <!-- SSL/TLS Connector configuration -->








      Everything works well. In my web.xml file, I add the following

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Index page</web-resource-name>
      Declarative security tests
      <url-pattern>/index.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Administrator</role-name>
      </auth-constraint>
      <user-data-constraint>
      None security
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Login page</web-resource-name>
      Declarative security tests
      <url-pattern>/login.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <user-data-constraint>
      Security connection for login page
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
      </form-login-config>
      </login-config>

      When I first open index.jsp page using a browser, web server forward me to login.jsp page, and at this page, it automatically redirects from HTTP to HTTPS, and after I logged in successfully, I reach index.jsp page, but here, browser still uses HTTPS. Where are my configuration mistakes ? Or is there any way for it to redirect back to HTTP from HTTPS?

      Thanks
      Quan