tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hawkins, Keith (Keith)" <kphawk...@avaya.com>
Subject RE: Workaround for IIS redirector + SSL problem ??
Date Mon, 15 Oct 2001 20:43:43 GMT
Ignacio,

I was using Tomcat 3.2 on my dev machine on my desk.  Our product will
be shipping with Tomcat 3.3, so I can try it in the lab which is running
3.3 to see if I get better results.  (I haven't gotten around to
upgrading my office machine to 3.3 yet.  I guess I should now.)

One related question.... what would happen if I followed the
instructions regarding configuring SSL for Stand-Alone Tomcat?  Would
that help me at all?  I wanted to find out before I go through all the
steps of configuring the connector, installing a cert, etc.

Thanks,
Keith


-----Original Message-----
From: Ignacio J. Ortega [mailto:nacho@siapi.es]
Sent: Monday, October 15, 2001 4:25 PM
To: 'tomcat-user@jakarta.apache.org'
Subject: RE: Workaround for IIS redirector + SSL problem ??


> Another problem I noticed is that the 
> HttpRequest.getAuthType() returns
> "null" even if I redirect from an HTML page that is SSL 
> protected by IIS
> to a JSP page.  Shouldn't at least the auth type be preserved??  

Which version of tomcat are you using?

I know this works in Tomcat 3.3, not sure about 3.2.x..

request.isSecure() does not work for you?

> 
> Can the SSL fix to the redirector be expected in the next few 
> months or
> not?  You mentioned a need to detect the IIS version in order 
> to correct
> the problem.  Couldn't the IIS version be added as value in a Tomcat
> config file (wrapper.properties maybe) to avoid having to dynamically
> determine the value?

The file need to be one in the filter initialization this can be uwm.p
file or w.p file, not sure but not wrapper.p, this is only used by
jk_nt_service not for isapi_redirector.dll, but can be a workaround to
the auto detection of IIS version.. i will try to dig into..

And yes, a solution is expected in the next months.., either if somebody
come up with a patch, i'll be glad to test it and commit.

any takers? :) 

Saludos ,
Ignacio J. Ortega


> 
> -Keith
> 
> -----Original Message-----
> From: Ignacio J. Ortega [mailto:nacho@siapi.es]
> Sent: Monday, October 15, 2001 3:04 PM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: Workaround for IIS redirector + SSL problem ??
> 
> 
> The problem is not general, you can use SSL in IIS and get tomcat to
> work with IIS seamlesly and using SSL, what you can not do ( AFAIK) is
> to config IIS in the way you propose to only protect by SSL 
> one virtual
> dir, but what you can do as Michael points, is to install a SSL
> certificate in the entire iis and later making a redirection to the
> https url.. without problems..
> 
> Well one problem , the redirections to work from http to https needs a
> JSSE installation in the server machine.., 
> 
> Saludos ,
> Ignacio J. Ortega
> 
> 
> > -----Mensaje original-----
> > De: Hawkins, Keith (Keith) [mailto:kphawkins@avaya.com]
> > Enviado el: lunes 15 de octubre de 2001 20:02
> > Para: tomcat-user
> > Asunto: Workaround for IIS redirector + SSL problem ??
> > 
> > 
> > 
> > I received a reply to my post regarding configuring IIS 
> redirector for
> > use with SSL. (See below.)
> > 
> > The reply indicates that the IIS redirector has the unfortunate
> > side-effect of bypassing SSL security and that a patch for 
> the problem
> > is in the works but won't be available immediately.  
> > 
> > So what are my options?   Can I follow the instructions for having
> > Tomcat perform SSL and still use the IIS redirector?  Will that even
> > work?
> > 
> > Any suggestions are welcome.  I am sure that I am not the 
> only one who
> > needs SSL + IIS redirector simultaneously.  What are other 
> > people doing
> > to get past this problem?
> > 
> > Thanks,
> > Keith
> > 
> > 
> > 
> > 
> > 
> > 
> 

Mime
View raw message