tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 8752] New: - HTTPS redirect fails if using welcome-file
Date Thu, 02 May 2002 18:56:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8752>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8752

HTTPS redirect fails if using welcome-file

           Summary: HTTPS redirect fails if using welcome-file
           Product: Tomcat 4
           Version: 4.0.3 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: bangrazi@aprisma.com


I've found what I think is a bug with Tomcat automatically redirecting requests 
through SSL (from 8080 to 8443) if the request is made to a directory rather 
than to a specific file.

The setup:
Installed Tomcat 4.0.3 (final) (run with J2SDK 1.3.1_03). To configure SSL, I 
created a self-signed certificate, and configured Tomcat (via server.xml) to 
use it, by uncommenting the "Define an SSL HTTP/1.1 Connector on port 8443" 
element and congifuring appropriately.

I then created a web app whose web.xml's "security-constraint" included 
a "transport-guarantee" of CONFIDENTIAL. The web-app consisted of a single JSP 
file that said basically "hello, [remote-user]". The web application's 
deployment descriptor indicated that this page should be accessed via SSL.

If I point my browser (IE) directly to the JSP file 
(http://localhost:8080/ssl/index.jsp"), the redirect happens as I expected 
(https://localhost:8443/ssl/index.jsp) and the "lock" shows up in the browser.

If, however, I point my browser at http://localhost:8080/ssl/, and have 
a "welcome-file" specification of "/index.jsp", the browser seems to time-out 
(give up on the request) waiting for the server to respond. This is what I 
think is the bug. I would expect the server to correctly use the welcome-file 
when browsing to a path, even when using SSL.

Here is the code of my web app:

ssl/index.jsp:
<html>
<body>

  <h1>Hello, <%= request.getRemoteUser( ) %>!</h1>

  <p>You should be seeing this via HTTPS.</p>

</body>
</html>

ssl/WEB-INF/web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
          "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
          "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

  <welcome-file-list>
    <welcome-file>/index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL Test</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>All roles</description>
      <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>force use of SSL</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>SSL Test</realm-name>
  </login-config>

</web-app>

build.xml:
<?xml version="1.0"?>
<project name="ssl" default="all" basedir=".">

  <property name="app.name" value="ssl"/>
  <property name="catalina.home"
            value="<path-to-my-catalina-home>" />

  <target name="war">
    <jar jarfile="${app.name}.war" basedir="war"/>
  </target>


  <target name="deploy">
    <delete dir="${catalina.home}/webapps/${app.name}"/>
    <delete file="${catalina.home}/webapps/${app.name}.war"/>
    <copy file="${app.name}.war" todir="${catalina.home}/webapps"/>
  </target>


  <target name="all" depends="war"/>


  <target name="clean">
    <delete file="${app.name}.war"/>
  </target>

</project>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message