tomcat-users mailing list archives

From Janet Preston <>
Subject Help with mixed SSL and non-SSL pages in Tomcat 7.0
Date Fri, 14 Oct 2011 20:09:50 GMT

I have a web site with a login page that has to be accessed using SSL so 
that the password is not sent as clear text. The rest of the site is 
non-SSL. My configuration worked with this combination: Tomcat 5.5.27; 
Apache 2.0.58; JAVA 1.5.0_13; and mod_jk (I'm not sure what version of 
mod_jk but it's old). After upgrading to Tomcat 7.0.22; Apache 2.2.21; 
JAVA 1.6.0_23; and tomcat jk connector version 1.2.32, I find my 
application doesn't work the same. The problem is I never get past the 
login page because whenever a redirect from port 8443 to port 8080 occurs 
I get bumped back to the login page. I can use the application if I stay 
totally within SSL and I can use the application totally without SSL so I 
think this is a configuration issue; I just don't know what needs to 
change. I read the Tomcat 7 SSL Configuration How-to and it says it's 
"customary to only run certain pages under SSL" but I'm missing something 
or have used a hole in the past that has now been plugged.

My web.xml is configured as follows:
               <display-name>App Security</display-name>
                       <web-resource-name>App Security</web-resource-name>
          <description>All users who can login should be able to use this 

I created a certificate using the Java keystore and updated tomcat 
    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="appcertkey" keyAlias="keyalias"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Index.html redirects the user from https to http.

Any suggestions would be appreciated.
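
One check worth running against the symptom described in the message above, as an added example that is not part of the original post: it replays a Set-Cookie header through Python's standard cookie jar and reports whether the session cookie issued on port 8443 would be sent on the follow-up request to port 8080. It assumes, which the post does not state, that the session cookie issued on the HTTPS connector carries the Secure attribute; the host name, path and cookie value are constructed.

```python
"""Added example: does a session cookie set on the HTTPS connector survive
a redirect to the HTTP connector? Host, path and cookie value are constructed."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

HTTPS_LOGIN = "https://app.example.test:8443/app/login"   # constructed URL
HTTP_HOME = "http://app.example.test:8080/app/home"       # constructed URL
HTTPS_HOME = "https://app.example.test:8443/app/home"     # constructed URL


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_to(set_cookie, issued_by, next_url):
    """Return the Cookie header a client would send to next_url after
    receiving set_cookie from issued_by, or None if nothing is sent."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), Request(issued_by))
    follow_up = Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    # Constructed Set-Cookie headers: the same session cookie with and without Secure.
    secure = "JSESSIONID=CONSTRUCTED0123; Path=/app; Secure; HttpOnly"
    plain = "JSESSIONID=CONSTRUCTED0123; Path=/app; HttpOnly"
    for label, header in (("Secure", secure), ("no Secure", plain)):
        for url in (HTTPS_HOME, HTTP_HOME):
            print(f"{label:10} -> {url}: {cookie_sent_to(header, HTTPS_LOGIN, url)}")
```

To apply it to a real deployment, paste the Set-Cookie value seen in the login response (browser developer tools or a proxy log) in place of the constructed header.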

