tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignacio J. Ortega" <na...@siapi.es>
Subject RE: Workaround for IIS redirector + SSL problem ??
Date Mon, 15 Oct 2001 20:48:55 GMT
> Ignacio,
> 
> I was using Tomcat 3.2 on my dev machine on my desk.  Our product will
> be shipping with Tomcat 3.3, so I can try it in the lab which 
> is running
> 3.3 to see if I get better results.  (I haven't gotten around to
> upgrading my office machine to 3.3 yet.  I guess I should now.)
> 

is request.isSecure not working at all in 3.2.X? 

> One related question.... what would happen if I followed the
> instructions regarding configuring SSL for Stand-Alone Tomcat?  Would
> that help me at all?  I wanted to find out before I go through all the
> steps of configuring the connector, installing a cert, etc.
> 

To configure SSL in Tomcat 3.3 Standalone will help a bit, precisely in
the area of redirections from http to https, and noCookies sessions.., i
advice you to do so.. 

Saludos ,
Ignacio J. Ortega



> Thanks,
> Keith
> 
> 
> -----Original Message-----
> From: Ignacio J. Ortega [mailto:nacho@siapi.es]
> Sent: Monday, October 15, 2001 4:25 PM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: Workaround for IIS redirector + SSL problem ??
> 
> 
> > Another problem I noticed is that the 
> > HttpRequest.getAuthType() returns
> > "null" even if I redirect from an HTML page that is SSL 
> > protected by IIS
> > to a JSP page.  Shouldn't at least the auth type be preserved??  
> 
> Which version of tomcat are you using?
> 
> I know this works in Tomcat 3.3, not sure about 3.2.x..
> 
> request.isSecure() does not work for you?
> 
> > 
> > Can the SSL fix to the redirector be expected in the next few 
> > months or
> > not?  You mentioned a need to detect the IIS version in order 
> > to correct
> > the problem.  Couldn't the IIS version be added as value in a Tomcat
> > config file (wrapper.properties maybe) to avoid having to 
> dynamically
> > determine the value?
> 
> The file need to be one in the filter initialization this can be uwm.p
> file or w.p file, not sure but not wrapper.p, this is only used by
> jk_nt_service not for isapi_redirector.dll, but can be a workaround to
> the auto detection of IIS version.. i will try to dig into..
> 
> And yes, a solution is expected in the next months.., either 
> if somebody
> come up with a patch, i'll be glad to test it and commit.
> 
> any takers? :) 
> 
> Saludos ,
> Ignacio J. Ortega
> 
> 
> > 
> > -Keith
> > 
> > -----Original Message-----
> > From: Ignacio J. Ortega [mailto:nacho@siapi.es]
> > Sent: Monday, October 15, 2001 3:04 PM
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: RE: Workaround for IIS redirector + SSL problem ??
> > 
> > 
> > The problem is not general, you can use SSL in IIS and get tomcat to
> > work with IIS seamlesly and using SSL, what you can not do 
> ( AFAIK) is
> > to config IIS in the way you propose to only protect by SSL 
> > one virtual
> > dir, but what you can do as Michael points, is to install a SSL
> > certificate in the entire iis and later making a redirection to the
> > https url.. without problems..
> > 
> > Well one problem , the redirections to work from http to 
> https needs a
> > JSSE installation in the server machine.., 
> > 
> > Saludos ,
> > Ignacio J. Ortega
> > 
> > 
> > > -----Mensaje original-----
> > > De: Hawkins, Keith (Keith) [mailto:kphawkins@avaya.com]
> > > Enviado el: lunes 15 de octubre de 2001 20:02
> > > Para: tomcat-user
> > > Asunto: Workaround for IIS redirector + SSL problem ??
> > > 
> > > 
> > > 
> > > I received a reply to my post regarding configuring IIS 
> > redirector for
> > > use with SSL. (See below.)
> > > 
> > > The reply indicates that the IIS redirector has the unfortunate
> > > side-effect of bypassing SSL security and that a patch for 
> > the problem
> > > is in the works but won't be available immediately.  
> > > 
> > > So what are my options?   Can I follow the instructions for having
> > > Tomcat perform SSL and still use the IIS redirector?  
> Will that even
> > > work?
> > > 
> > > Any suggestions are welcome.  I am sure that I am not the 
> > only one who
> > > needs SSL + IIS redirector simultaneously.  What are other 
> > > people doing
> > > to get past this problem?
> > > 
> > > Thanks,
> > > Keith
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 

Mime
View raw message