tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward W. Rouse" <ero...@vei.net>
Subject Re: Tomcat 3.1 + HTTPS + redirects
Date Mon, 07 Aug 2000 12:00:30 GMT
I haven't been following this thread very closely, but I had the same experience using Netscape's
Enterprise server. I got around it by checking for port number 443. On our system, all https
requests went to the default port 443. If you are setup to use a different port for https
then you would check for that port instead.
Ed.

Joe Shevland wrote:

> Excuse my lurker status until now, but I've been puzzled by request.getScheme() not returning
'https' for SSL connections as well... even going back to JServ days. I've also verified (out
of sheer paranoia ;) that the connections are encrypted (via a traffic capture). Having said
that, I couldn't rely on Jserv/Tomcat to tell me whether a connection was via SSL or not (hadn't
spotted the isSecure() method yet).
>
> I've also had problems with response.sendRedirect() which up until now I've worked around
using absolute URL's i.e. not optimal ;).
>
> Regards,
> Joe
>
> >-----Original Message-----
> >From: jrumney@venice.ipo.att.com [mailto:jrumney@venice.ipo.att.com]On
> >Behalf Of Jason Rumney
> >Sent: Monday, 7 August 2000 9:15 PM
> >To: tomcat-user@jakarta.apache.org
> >Subject: Re: Tomcat 3.1 + HTTPS + redirects
> >
> >
> >Amos Shapira <amos.shapira@webcollage.com> writes:
> >
> >> Hmm,
> >>
> >> First, it sounds possibly like a bug since the description of
> >> javax.servlet.ServletRequest.getScheme() specifically lists "http" and
> >> "https" as examples of possible return values.
> >>
> >> Another way, not as clean as the originally proposed solution (which I
> >> understand not to help), but maybe you can get the scheme and
> >> add an "s" to it according to the return value of
> >> javax.servlet.ServletRequest.isSecure()?
> >
> >request.isSecure() returns false (which is probably connected to
> >getScheme() returning "http").  Ajp12ConnectionHandler.java does not
> >appear to set a secure flag, or the scheme, so unless code elsewhere is
> >parsing the request line and headers it appears that getScheme() will
> >not work in Tomcat 3.1.
> >
> >
> >> Also, are you 100% sure that https was actually used and not dropped
> >> due to some certificate problems and such?
> >
> >I would be very surprised, and worried, if mod_ssl does such things
> >silently behind the back of both user and server administrator.
> >Certainly the logs indicate that "SSLv3 RC4-MD5" was used for the
> >previous POST (which the redirect is being sent in response to).
> >
> >
> >
> >--
> >Jason Rumney <jrumney@att.com>
> >AT&T Labs (Redditch, UK)
> >
> >


Mime
View raw message