tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julie Moore" <jmo...@orchardsoft.com>
Subject With tomcat 5 redirects to a secure port fails
Date Tue, 30 Aug 2005 13:31:21 GMT
I have been looking al over for an explanation to what I am seeing. If I
hit my site with https I get my secure page displayed if I hit it with
http it is set up to redirect to https. The problem is the redirect is
trying to use the internal IP address in the URL
(https://10.0.0.4/login.jsp) not the URL with the "www." defined. 

We had this set up in tomcat 4 and the external users who where
redirected were able to get the secure page from "http://www." but now
this does not work.

I have looked at all the Tomcat 5 SSL sites that have come up on a
number of searches but I do not see this problem addressed.

Julie

-----Original Message-----
From: Julie Moore [mailto:jmoore@orchardsoft.com] 
Sent: Monday, August 29, 2005 1:50 PM
To: tomcat-user@jakarta.apache.org
Subject: With tomcat 5 redirects to a secure port the connection fails

 

I have updated a site from tomcat 4 to tomcat 5 and my link that used to
redirect to a secure site now fails. I see the webpage tying to connect
with my internal IP address instead of the external URL that the request
came in one. If I connect to https://www.x.com and hit the link to the
secure page my page displays correctly. But if I hit it from
http://www.x.com <http://www.x.com/>  the secure page does not display.

 

The page that displays has not changed. It has a relative link to the
webapp that I want to have as secure.

 

I have the server.xml connectors defined:

 

    <Connector port="80"     minThreads="150" maxSpareThreads="75"
minSpareThreads="25"

               enableLookups="true" redirectPort="443"

               acceptCount="100" debug="0" connectionTimeout="20000"

               disableUploadTimeout="true" />

 

 

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->

    

 

       <Connector port="443" maxHttpHeaderSize="8192"

               maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\tomcat\conf\keystore.ks" />

 

and the following in  the web.xml of my application I wish to have
available only as secure:

 

<security-constraint>
      <web-resource-collection>
             <web-resource-name>Entire Application</web-resource-name>
             <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>
 
 
What have I missed?
Jmoore
 
 
 

 

 

 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message