tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "苗启广" <...@souvenirchina.com>
Subject Re: Automatic switch from http to https doesn't work for IE, does for Netscape
Date Sat, 09 Aug 2003 08:51:37 GMT


 2003-08-09 16:30:00 д
>Tomcat 4.0.6of you ? Could you tell me ? Thanks~~ 
>Windows 2000
>IE 5, SP3
>Netscape 7.02
>
>
>I have a website which is part public, part secure.  There are html entries
>such as "&lt a href=members/index.jsp &gt" in the public area which will
>jump to the secure area.  The site is entered, by default using
>http://localhost:8080 but the members area is protected via SSL and
>transport guarantee stanzas
> <security-constraint>
>  <web-resource-collection>
>   <web-resource-name>ScoutGroup-Secure</web-resource-name>
>   <url-pattern>/members/*</url-pattern>
>  </web-resource-collection>
>  <auth-constraint>
>    <role-name>member</role-name>
>  </auth-constraint>
>  <user-data-constraint>
>   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>  </user-data-constraint>
> </security-constraint>
>
>I understand that this should force any
>http://localhost:8080/scoutgroup/members request to switch to
>https://localhost:8443/scoutgroup/members.  Under Netscape it does and I am
>notified that I am going to a secure page, prompted to accept the SSL
>certificate then driven through my logon.jsp to
>response.encodeURL("j_security_check").  Under IE, however, I am notified
>that I am going to a secure page, prompted to accept the SSL certificate
>then told the page cannot be found.
>
>For testing purposes, I tried putting
>http://localhost:8080/scoutgroup/members in the browser's address box.
>
>The access log contains the following (with my annotations prefixed with
>////)
>//// Using IE
>127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
>/scoutgroup/members/index.jsp HTTP/1.1" 302 654
>127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
>/scoutgroup/members/index.jsp HTTP/1.1" 302 654
>127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "  a  ] ?4?
>Yq8*+??R?I?T:?<?"??+?@?AX?? /?4? HTTP/0.9" 501 988
>
>//// Using Netscape
>127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
>/scoutgroup/members/index.jsp HTTP/1.1" 302 654
>127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
>/scoutgroup/members/index.jsp HTTP/1.1" 302 654
>127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
>HTTP/1.1" 200 576
>127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
>/scoutgroup/j_security_check HTTP/1.1" 302 654
>127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
>/scoutgroup/members/index.jsp HTTP/1.1" 200 427
>
>
>
>Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
>attempted to navigate to the security check but then IE generated something
>very peculiar and appeared to try to renegotiate the protocol to http/0.9
>before giving up.
>
>
>I've checked the logs - can't find anything more informative than above.
>
>I've tried running Tomcat via the "catalina run" command line option but
>there is no extra info there either.
>
>I know I can modify my code to always force the full path into hyperlinks
>but that's not good programming and has enormous potential for maintenance
>problems.
>
>Where do I look now?
>
>
>Murray
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
                                 mqg 

- SOUVENIR ----------- --------.
| Souvenir of China     |
| A Good Place for You  |
`--> http://www.souvenirchina.com -'
mailto:sales@souvenirchina.com




Mime
View raw message