tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: bug in redirect to https
Date Fri, 27 Feb 2004 05:07:04 GMT
See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27122.

"Bernhard Wraase" <bw@netkosmos.de> wrote in message
news:403DBA82.4050807@netkosmos.de...
> Hi,
>
> I found a bug in tomcat 5. I can reproduce it with tomcat 5.016, 5.018
> and 5.019. Other versions of tomcat 5 I didn't test.
>
> Here is my testcase:
>
> create a folder under <tomcat5>/webapps (ie. sec-test)
> put a zip-file and/or a pdf-file in it (ie. a.pdf, b.zip)
> configure https with certificate and port in server.xml
> configure the redirect from http to https in server.xml
> configure the webapp
> start tomcat 5
>
> start IE 5.5 or 6.0
> try https://<servername>/sec-test/a.pdf
> try https://<servername>/sec-test/b.zip
>
> both works correctly
>
> Now the buggy behavior:
>
> add a web.xml with following part:
>       <security-constraint>
>        <web-resource-collection>
>          <web-resource-name>The Entire Web App</web-resource-name>
>          <url-pattern>/*</url-pattern>
>        </web-resource-collection>
>        <user-data-constraint>
>          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint>
>      </security-constraint>
>
>
> Now it is not anymore possible to open or store neither the pdf-file nor
> the zip-file with same url from above.
>
> "Internet Explorer cannot download a.pdf from localhost.
>   Internet Explorer was not able to open this Internet site. The
> requested site is either unavailable or cannnot be found. Please try
> again later."
>
> "Internet Explorer cannot download b.zip from localhost.
>   Internet Explorer was not able to open this Internet site. The
> requested site is either unavailable or cannnot be found. Please try
> again later."
>
> This happens only with IE 5.5 and 6.0, not with mozilla 1.6 or Opera
> 7.23(tested).
> The same webapp works works correctly in tomcat 4.02, 4.04, 4.1.30(all
> tested).
> I tested on solaris(8), linux(SuSe 8.1) and W2000, the behavior is the
> same, means the operating system does not matter.
>
> Could this please anybody confirm?
>
> If somebody has a smart workarround or bugfix for tomcat 5 I appreciate
> it very much.
> I try to understand the BaseAuthenticator(catalina.jar) since I thought
> there would be the bug but I must confess that I failed:-(
>
> -- 
> Regards Bernhard Wraase




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message