tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Léa Massiot <>
Subject Re: From HTTP to HTTPS request.getHeader("referer")
Date Thu, 06 Nov 2014 10:57:29 GMT
Hello and thank you for your answers.

I would like to say that my problem is solved (even though I would like to
answer the remarks you made).
I can't really tell what combination of adjustments (see my previous posts)
are responsible for it. I just did things with more care than when I do
things hastily (or just to try something).
I'm saying this because (see below) I thought "sendRedirect()" was working
only if I passed it the complete HTTPS URL of the JSP I was willing to
redirect to user towards. I appears that now, it works if I only pass the
JSP page name to "sendRedirect()" (like I did in the past when dealing with
HTTP requests only).
So, I don't really know what to think :'/

> Christopher Schultz wrote:
> If you are already in HTTPS protocol and don't want to switch, then
> you shouldn't have to specify the protocol in the redirect. 

Well, indeed, it looks like I don't have to specify the protocol anymore...
(see my comment above).

> Christopher Schultz wrote:
> Yes, they don't really help in any way because they don't describe use
> cases. You didn't provide anything like "I want X, I tried Y, and Z
> happened" so it's hard to help you out. 

Well, it troubles me because, I was willing to give you some relevant
information (I just often do not know which and I also understand it's not
easy for you to understand my "stuff" when you only get pieces of it).
I wanted to know if my "HTTPS configuration for a standalone Tomcat serving
all the pages of some webapps with the HTTPS protocol" is fine or not.
The configuration details I sent previously are really the only thing I do
(to have Tomcat serve the webapps JSPs with the HTTPS protocol)...
Normally, if I'm not mistaken, I can switch back to HTTP by:
1) Removing the "<security-constraint>" element from the webapp "web.xml"
2) Replacing the three connectors:
<Connector port=&quot;443&quot; [...]
&lt;Connector port=&quot;80&quot; [...]
&lt;Connector port=&quot;8009&quot; [...]
from the Tomcat &quot;server.xml&quot; file (see the post in which I posted
the config)
and replace them with the two connectors:
&lt;Connector port=&quot;80&quot; protocol=&quot;HTTP/1.1&quot;
           redirectPort=&quot;8443&quot; />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

To try to give you an answer: this is probably a typical use case in the
- The user has requested a JSP page "x.jsp": it can see this page properly
in its browser.
- The user submits this JSP's form (which has an "action" attribute mapped
with a servlet in "web.xml").
- The "doPost()" method of the servlet is invoked.
- Some instructions are executed (database access for example).
- Before exiting (return;) the "doPost()", I execute
This used to fail before: I don't remember the error but the page "y.jsp"
wasn't served at all.
This is working now.

I thought that the two things I configure (1. <security-constraint> element
the "web.xml" of the webapp and 2. the connectors Tomcat "server.xml") are
just enough to show what I do to make Tomcat serve the the JSPs of some
webapps with the HTTPS protocol...

If this config looks good and if what I wrote just now doesn't bring
anything new to the table, please ignore it since its working now.

> Christopher Schultz wrote:
> Look at your access log to file out what's going on when you request
> an http:// URL.

Below is what I can find in the Tomcat access logs file:

Requested resource: http://host/webapp/welcome.jsp
---------------------------------------------------------------------------------------- - - [06/Nov/2014:11:06:03 +0100] "GET /webapp/welcome.jsp
HTTP/1.1" 302 - - - [06/Nov/2014:11:06:19 +0100] "GET /webapp/welcome.jsp
HTTP/1.1" 200 5361

Requested resource: https://host/webapp/welcome.jsp
---------------------------------------------------------------------------------------- - - [06/Nov/2014:11:08:06 +0100] "GET /webapp/welcome.jsp
HTTP/1.1" 200 5361

Should the HTTPS protocol be mentioned somewhere in this file?
Just reading this, can someone (you for instance) infer that the page
"welcome.jsp" was served using the HTTPS protocol?
Is there another log file where this can be checked?

Thank you for mentioning the 302 response: not that it particularly
enlightens me but maybe one day it will be clearer for me.

Best regards.

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message