tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernhard Wraase ...@netkosmos.de>
Subject bug in redirect to https
Date Thu, 26 Feb 2004 09:21:06 GMT
Hi,

I found a bug in tomcat 5. I can reproduce it with tomcat 5.016, 5.018 
and 5.019. Other versions of tomcat 5 I didn't test.

Here is my testcase:

create a folder under <tomcat5>/webapps (ie. sec-test)
put a zip-file and/or a pdf-file in it (ie. a.pdf, b.zip)
configure https with certificate and port in server.xml
configure the redirect from http to https in server.xml
configure the webapp
start tomcat 5

start IE 5.5 or 6.0
try https://<servername>/sec-test/a.pdf
try https://<servername>/sec-test/b.zip

both works correctly

Now the buggy behavior:

add a web.xml with following part:
      <security-constraint>
       <web-resource-collection>
         <web-resource-name>The Entire Web App</web-resource-name>
         <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
     </security-constraint>


Now it is not anymore possible to open or store neither the pdf-file nor 
the zip-file with same url from above.

"Internet Explorer cannot download a.pdf from localhost.
  Internet Explorer was not able to open this Internet site. The 
requested site is either unavailable or cannnot be found. Please try 
again later."

"Internet Explorer cannot download b.zip from localhost.
  Internet Explorer was not able to open this Internet site. The 
requested site is either unavailable or cannnot be found. Please try 
again later."

This happens only with IE 5.5 and 6.0, not with mozilla 1.6 or Opera 
7.23(tested).
The same webapp works works correctly in tomcat 4.02, 4.04, 4.1.30(all 
tested).
I tested on solaris(8), linux(SuSe 8.1) and W2000, the behavior is the 
same, means the operating system does not matter.

Could this please anybody confirm?

If somebody has a smart workarround or bugfix for tomcat 5 I appreciate 
it very much.
I try to understand the BaseAuthenticator(catalina.jar) since I thought 
there would be the bug but I must confess that I failed:-(

-- 
Regards Bernhard Wraase


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message