tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lyallex <lyal...@gmail.com>
Subject Re: How to remove port number from https adress and redirect http to https
Date Mon, 09 Jul 2007 09:07:08 GMT
Hello

You 'put' them somewhere in you package hierarchy, so for example if
you have the package structure com.barking.mad with servlets in
com.barking.mad.servlets then you could put them in
com.barking.mad.servlets.filters or wherever and package them up in
your jar or war or whatever it is you are doing when you deploy your
application.

The filter mapping goes in web.xml

Rgds
Duncan

On 7/9/07, christianhau <christianhau@gmail.com> wrote:
>
> Thanks man :)
>
> About the filters, where do you implement them? I see they are in Java but
> still don't know where to put them :) And where do you put the filter
> mapping?
>
> Thanks!
>
>
>
> Lyallex wrote:
> >
> > Hi
> >
> > Ah, yes, well I'm not really an 'expert' myself but I have been through
> > this
> > recently.
> >
> > The first thing I would say is that the following looks different to my
> > own
> > config
> >
> > <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> >
> > here is one of my constraints
> >
> > <security-constraint>
> >     <display-name>Standard user constraint used for checkout and account
> > modification</display-name>
> >     <web-resource-collection>
> >       <web-resource-name>my super new site</web-resource-name>
> >       <url-pattern>/user/LoginPreCheck</url-pattern>
> >       <url-pattern>/user/loggedin/*</url-pattern>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>wpcustomer</role-name>
> >     </auth-constraint>
> >     <user-data-constraint>
> >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >     </user-data-constraint>
> >   </security-constraint>
> >
> > the url-pattern should be a relative path from the root of your
> > application
> > or some mapped path to a resource (experts correct me if I am wrong
> > please).
> > If you want everything protected then just use * (or /* I think actually).
> >
> > Now when a user tries this URL
> > http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat
> > automatically
> > ''redirects' to https.
> >
> > As for the filter, well I'm a bit new to them as well. At the moment I
> > have
> > decided that as long as a user is logged in then I'd like the session to
> > be
> > secure. When they hit the logout button then I don't need secure I just
> > need
> > straight http.
> >
> > Here is my filter
> >
> > public class HttpsRedirectFilter implements Filter{
> >
> >  ...
> >
> >     public void doFilter(ServletRequest request, ServletResponse response,
> > FilterChain chain) throws IOException, ServletException {
> >         if((request instanceof HttpServletRequest) && (response instanceof
> > HttpServletResponse)){
> >             String redirectTarget =
> > ((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https",
> > "http");
> >             if(request.isSecure()){
> >
> > ((HttpServletResponse)response).sendRedirect(redirectTarget);
> >             }
> >             else{
> >                 chain.doFilter(request, response);
> >             }
> >         }
> >     }
> >
> >    ...
> >
> > Very basic and primitive I'm sure but it does the job
> >
> > The filter is mapped to the /logout url thus
> >
> >   <filter>
> >       <filter-name>redirectFilter</filter-name>
> >       <filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
> >   </filter>
> >   <filter-mapping>
> >     <filter-name>redirectFilter</filter-name>
> >     <url-pattern>/logout</url-pattern>
> >   </filter-mapping>
> >
> > Anytime anyone logs out this filter fires and redirects to 'standard'
> > http.
> >
> > Now of course the filter could be a lot more sophisticated but it proved
> > the
> > concept to me, now all I need is that little bit of 'majik'
> >
> > Hope all this helps.
> >
> > All criticism welcome
> >
> > Cheers
> > Duncan
> >
> >
> > On 7/6/07, christianhau <christianhau@gmail.com> wrote:
> >>
> >>
> >> Thanks man!
> >>
> >> I have tried a similar approach with the web.xml but no luck. This is
> >> what
> >> I
> >> wrote in web.xml
> >> <security-constraint>
> >>                 <web-resource-collection>
> >>                         <web-resource-name>Entire
> >> Application</web-resource-name>
> >>
> >> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> >>                 </web-resource-collection>
> >>                 <user-data-constraint>
> >>
> >> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>                 </user-data-constraint>
> >>         </security-constraint>
> >>
> >> Now I am not 100% sure if the pattern is correct, how would I check that?
> >> And another thing, you mentioned a suitable servlet filter? How would you
> >> go
> >> about making a servlet filter for this purpose and where would you put
> >> it?
> >> As you can tell from my question I have little experience with servlet
> >> filters..
> >>
> >> Thanks again :)
> >>
> >>
> >>
> >>
> >> Lyallex wrote:
> >> >
> >> > Hi
> >> >
> >> > This is my first contribution to this list and I expect others will
> >> have
> >> > better ways of doing it but ...
> >> >
> >> > The way I managed to get his working is to set the ssl connector port
> >> to
> >> > the
> >> > default ssl port (443)
> >> > and my non-ssl connector port to the default http port (80)
> >> > Obviously there are issues starting Tomcat on these ports on *NIX
> >> systems
> >> > but judging by the following
> >> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear
> >> to
> >> > have access to root.
> >> >
> >> > That should do it
> >> >
> >> > Also in my etc/hosts file I have set 127.0.0.1   www.mywebapp.co.uk and
> >> my
> >> > app is the root web app
> >> >
> >> > so now, combined with the following in web.xml
> >> >
> >> > <security-constraint>
> >> > ...
> >> >      <user-data-constraint>
> >> >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >> >     </user-data-constraint>
> >> > ...
> >> > </security-constraint>
> >> >
> >> > and a suitable servlet filter I can switch between http and https
> >> almost
> >> > at
> >> > will with no messing about with ports just by asking for
> >> > http://www.mywebapp.co.uk
> >> >
> >> > Hope this helps
> >> >
> >> > Cheers
> >> > Duncan
> >> >
> >> >
> >> > On 7/6/07, christianhau <christianhau@gmail.com> wrote:
> >> >>
> >> >>
> >> >> Hi!
> >> >>
> >> >> I have set up a tomcat server with ssl that works fine as long as I
go
> >> to
> >> >> the adress https://adress:8443 I want to get rid of the port number,
> >> is
> >> >> there any easy way to do this so that tomcat understands the https
> >> >> request
> >> >> that comes in?
> >> >>
> >> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >> >> maxThreads="150" scheme="https" secure="true"
> >> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
> >> >> keystoreFile="/root/.keystore"
> >> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
> >> />
> >> >>
> >> >> This is my ssl connector in my server.xml. I tried getting a redirct
> >> from
> >> >> http to https going but couldn't do that in tomcat alone, any tips
on
> >> >> that
> >> >> aswell? I have done this:
> >> >>
> >> >> <Connector port="8080" protocol="HTTP/1.1"
> >> >>
> >> >> redirectPort="8443" />
> >> >>
> >> >> With no luck... Thanks for any help!!
> >> >> --
> >> >> View this message in context:
> >> >>
> >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> >> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
>
> --
> View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11496915
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message