Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 31204 invoked by uid 500); 15 Oct 2001 21:04:48 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk Reply-To: tomcat-user@jakarta.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 31177 invoked from network); 15 Oct 2001 21:04:47 -0000 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Workaround for IIS redirector + SSL problem ?? Date: Mon, 15 Oct 2001 17:05:22 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Workaround for IIS redirector + SSL problem ?? Thread-Index: AcFVuyanwh5fexaRTWiOAFz+xvhRvQAAUJgw From: "Hawkins, Keith (Keith)" To: Cc: X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Yes. request.isSecure() does work in 3.2 I just tried it. I didn't know about that method. Thanks for the suggestion. So it looks like I can put a check at the top of the jsp pages and kick out if https is not being used. -Keith -----Original Message----- From: Ignacio J. Ortega [mailto:nacho@siapi.es] Sent: Monday, October 15, 2001 4:49 PM To: 'tomcat-user@jakarta.apache.org' Subject: RE: Workaround for IIS redirector + SSL problem ?? > Ignacio, >=20 > I was using Tomcat 3.2 on my dev machine on my desk. Our product will > be shipping with Tomcat 3.3, so I can try it in the lab which=20 > is running > 3.3 to see if I get better results. (I haven't gotten around to > upgrading my office machine to 3.3 yet. I guess I should now.) >=20 is request.isSecure not working at all in 3.2.X?=20 > One related question.... what would happen if I followed the > instructions regarding configuring SSL for Stand-Alone Tomcat? Would > that help me at all? I wanted to find out before I go through all the > steps of configuring the connector, installing a cert, etc. >=20 To configure SSL in Tomcat 3.3 Standalone will help a bit, precisely in the area of redirections from http to https, and noCookies sessions.., i advice you to do so..=20 Saludos , Ignacio J. Ortega > Thanks, > Keith >=20 >=20 > -----Original Message----- > From: Ignacio J. Ortega [mailto:nacho@siapi.es] > Sent: Monday, October 15, 2001 4:25 PM > To: 'tomcat-user@jakarta.apache.org' > Subject: RE: Workaround for IIS redirector + SSL problem ?? >=20 >=20 > > Another problem I noticed is that the=20 > > HttpRequest.getAuthType() returns > > "null" even if I redirect from an HTML page that is SSL=20 > > protected by IIS > > to a JSP page. Shouldn't at least the auth type be preserved?? =20 >=20 > Which version of tomcat are you using? >=20 > I know this works in Tomcat 3.3, not sure about 3.2.x.. >=20 > request.isSecure() does not work for you? >=20 > >=20 > > Can the SSL fix to the redirector be expected in the next few=20 > > months or > > not? You mentioned a need to detect the IIS version in order=20 > > to correct > > the problem. Couldn't the IIS version be added as value in a Tomcat > > config file (wrapper.properties maybe) to avoid having to=20 > dynamically > > determine the value? >=20 > The file need to be one in the filter initialization this can be uwm.p > file or w.p file, not sure but not wrapper.p, this is only used by > jk_nt_service not for isapi_redirector.dll, but can be a workaround to > the auto detection of IIS version.. i will try to dig into.. >=20 > And yes, a solution is expected in the next months.., either=20 > if somebody > come up with a patch, i'll be glad to test it and commit. >=20 > any takers? :)=20 >=20 > Saludos , > Ignacio J. Ortega >=20 >=20 > >=20 > > -Keith > >=20 > > -----Original Message----- > > From: Ignacio J. Ortega [mailto:nacho@siapi.es] > > Sent: Monday, October 15, 2001 3:04 PM > > To: 'tomcat-user@jakarta.apache.org' > > Subject: RE: Workaround for IIS redirector + SSL problem ?? > >=20 > >=20 > > The problem is not general, you can use SSL in IIS and get tomcat to > > work with IIS seamlesly and using SSL, what you can not do=20 > ( AFAIK) is > > to config IIS in the way you propose to only protect by SSL=20 > > one virtual > > dir, but what you can do as Michael points, is to install a SSL > > certificate in the entire iis and later making a redirection to the > > https url.. without problems.. > >=20 > > Well one problem , the redirections to work from http to=20 > https needs a > > JSSE installation in the server machine..,=20 > >=20 > > Saludos , > > Ignacio J. Ortega > >=20 > >=20 > > > -----Mensaje original----- > > > De: Hawkins, Keith (Keith) [mailto:kphawkins@avaya.com] > > > Enviado el: lunes 15 de octubre de 2001 20:02 > > > Para: tomcat-user > > > Asunto: Workaround for IIS redirector + SSL problem ?? > > >=20 > > >=20 > > >=20 > > > I received a reply to my post regarding configuring IIS=20 > > redirector for > > > use with SSL. (See below.) > > >=20 > > > The reply indicates that the IIS redirector has the unfortunate > > > side-effect of bypassing SSL security and that a patch for=20 > > the problem > > > is in the works but won't be available immediately. =20 > > >=20 > > > So what are my options? Can I follow the instructions for having > > > Tomcat perform SSL and still use the IIS redirector? =20 > Will that even > > > work? > > >=20 > > > Any suggestions are welcome. I am sure that I am not the=20 > > only one who > > > needs SSL + IIS redirector simultaneously. What are other=20 > > > people doing > > > to get past this problem? > > >=20 > > > Thanks, > > > Keith > > >=20 > > >=20 > > >=20 > > >=20 > > >=20 > > >=20 > >=20 >=20