tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Rumney <jrum...@att.com>
Subject Re: Tomcat 3.1 + HTTPS + redirects
Date Mon, 07 Aug 2000 13:07:06 GMT
"Edward W. Rouse" <erouse@vei.net> writes:

> I haven't been following this thread very closely, but I had the
> same experience using Netscape's Enterprise server. I got around it
> by checking for port number 443. On our system, all https requests
> went to the default port 443. If you are setup to use a different
> port for https then you would check for that port instead.

This may prove to be the only portable workaround.

The intention is to have the use of SSL or not configurable at install
time - preferably with minimal editing of files (starting apache with
"apachectl startssl" rather than "apachectl start" would ideally be
the only difference). This makes hardcoding the full URLs infeasible.

I have been looking through the tomcat-dev archives, and it appears
that this problem has been noticed before, and will presumably be
fixed by the time 3.2 is released.


> Joe Shevland wrote:
> 
> > Excuse my lurker status until now, but I've been puzzled by
> >request.getScheme() not returning 'https' for SSL connections as
> >well... even going back to JServ days. I've also verified (out of
> >sheer paranoia ;) that the connections are encrypted (via a traffic
> >capture). Having said that, I couldn't rely on Jserv/Tomcat to tell
> >me whether a connection was via SSL or not (hadn't spotted the
> >isSecure() method yet).
> >
> > I've also had problems with response.sendRedirect() which up until
> > now I've worked around using absolute URL's i.e. not optimal ;).


-- 
Jason Rumney <jrumney@att.com>
AT&T Labs (Redditch, UK)


Mime
View raw message