tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19145] - http to https redirect fails on non-standard ports
Date Wed, 04 Jun 2003 20:49:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19145>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19145

http to https redirect fails on non-standard ports





------- Additional Comments From bugzilla@sbdconsultants.com  2003-06-04 20:49 -------
Here is the response from telnet...

HTTP/1.1 302 Moved Temporarily
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://localhost:8443/hello1/greeting
Content-Type: text/plain
Content-Length: 0
Date: Wed, 04 Jun 2003 20:02:25 GMT
Server: Apache Coyote/1.0

...but I don't think that problem is with the initial redirect.

When the initial redirect happens in IE, I am prompted to accept the self-
signed certificate that I created for development.  The problem happens after 
the subsequent redirect to the FORM-style authentication login page...

Here is a little more background...

The resource that I'm requesting is configured to be CONFIDENTIAL and require 
(FORM-based) authentication.  So this is the request/response story-board that 
I would expect...

1a) Request: http://localhost:8080/hello1/greeting
1b) Response: 302, https://localhost:8443/hello1/greeting
2a) Request: https://localhost:8443/hello1/greeting
2b) Response: 302, https://localhost:8443/hello1/login.jsp
3a) Request: https://localhost:8443/hello1/login.jsp
3b) Response: 200 https://localhost:8443/hello1/login.jsp

I am speculating about steps 2b, 3a, and 3b because I am not sure how to go 
about snooping HTTPS requests.  (I tried using SSH a la PuTTY, but I couldn't 
get it to work.)

It works if I disable either the auth-constraint or the transport-constraint 
(thus changing the story-board).  It also works if I enter into the original 
story-board at 2a instead of 1a when both the auth-constraint and transport-
constraint are enabled.

It also works fine in IE if I use BASIC authentication instead of FORM 
authentication.

It looks like the problem happens when IE receives two subsequent 302 
responses.  In the case of the second 302 response, the port specified in the 
response is not used by IE in the subsequent request; it uses the default port 
for the protocol.  In other words, I suspect that Internet Explorer isn't using 
the port specified in 2b in its request of 3a, which would explain why having 
the second Coyote connector on port 443 allowed Internet Explorer to work.  

I should also add that I downloaded Mozilla Firebird and it was successfully 
redirected to the correct page.  It definitely looks to be an Internet Explorer 
related bug.  :-(

Thanks for your help, Remy.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message