From mqg@souvenirchina.com Sat Aug 9 08:50:55 2003 Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 76342 invoked from network); 9 Aug 2003 08:50:55 -0000 Received: from unknown (HELO souvenirchina.com) (211.152.51.122) by daedalus.apache.org with SMTP; 9 Aug 2003 08:50:55 -0000 Received: from snowicemiao [202.117.121.81] by souvenirchina.com with ESMTP (SMTPD32-7.11 ) id A606600D6; Sat, 09 Aug 2003 16:51:18 +0800 From: "=?GB2312?Q?=C3=E7=C6=F4=B9=E3?=" Reply-To: mqg@souvenirchina.com To: tomcat-user@jakarta.apache.org Subject: Re: Automatic switch from http to https doesn't work for IE, does for Netscape X-mailer: Foxmail 4.2 [cn] Mime-Version: 1.0 Content-Type: text/plain; charset="" Content-Transfer-Encoding: quoted-printable Date: Sat, 9 Aug 2003 16:51:42 +0800 Message-Id: <200308091651671.SM00872@snowicemiao> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N =D4=DA 2003-08-09 16:30:00 =C4=FA=D0=B4=B5=C0=A3=BA >Tomcat 4.0.6of you ? Could you tell me ? Thanks~~ >Windows 2000 >IE 5, SP3 >Netscape 7.02 > > >I have a website which is part public, part secure. There are= html entries >such as "< a href=3Dmembers/index.jsp >" in the public area= which will >jump to the secure area. The site is entered, by default using >http://localhost:8080 but the members area is protected via SSL= and >transport guarantee stanzas > > > ScoutGroup-Secure > /members/* > > > member > > > CONFIDENTIAL > > > >I understand that this should force any >http://localhost:8080/scoutgroup/members request to switch to >https://localhost:8443/scoutgroup/members. Under Netscape it= does and I am >notified that I am going to a secure page, prompted to accept= the SSL >certificate then driven through my logon.jsp to >response.encodeURL("j_security_check"). Under IE, however, I am= notified >that I am going to a secure page, prompted to accept the SSL= certificate >then told the page cannot be found. > >For testing purposes, I tried putting >http://localhost:8080/scoutgroup/members in the browser's= address box. > >The access log contains the following (with my annotations= prefixed with >////) >//// Using IE >127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET >/scoutgroup/members/index.jsp HTTP/1.1" 302 654 >127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET >/scoutgroup/members/index.jsp HTTP/1.1" 302 654 >127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "=16=03 a=01 ]=03 ?4? >Yq8*+??R?I?T:? >//// Using Netscape >127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET >/scoutgroup/members/index.jsp HTTP/1.1" 302 654 >127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET >/scoutgroup/members/index.jsp HTTP/1.1" 302 654 >127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET= /scoutgroup/logon.jsp >HTTP/1.1" 200 576 >127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST >/scoutgroup/j_security_check HTTP/1.1" 302 654 >127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET >/scoutgroup/members/index.jsp HTTP/1.1" 200 427 > > > >Both browsers caused the same response= (SC_MOVED_TEMPORARILY/302) as they >attempted to navigate to the security check but then IE= generated something >very peculiar and appeared to try to renegotiate the protocol to= http/0.9 >before giving up. > > >I've checked the logs - can't find anything more informative= than above. > >I've tried running Tomcat via the "catalina run" command line= option but >there is no extra info there either. > >I know I can modify my code to always force the full path into= hyperlinks >but that's not good programming and has enormous potential for= maintenance >problems. > >Where do I look now? > > >Murray > > > >----------------------------------------------------------------= ----- >To unsubscribe, e-mail:= tomcat-user-unsubscribe@jakarta.apache.org >For additional commands, e-mail:= tomcat-user-help@jakarta.apache.org > > mqg - SOUVENIR ----------- --------. | Souvenir of China | | A Good Place for You | `--> http://www.souvenirchina.com -' mailto:sales@souvenirchina.com