I'm trying to set up redirection to SSL. Below are the appropriate sections
of web.xml and server.xml.

When I go to https://localhost:8443/app, I get directed to my login page,
with the addition of a jsessionid to the url.

If I go to http://localhost:8080/app, it warns me I am going to a secure
page (I have this turned on to know when I am going in and out of ssl).

I then get the security alert about the SSL certificate, I click YES to
proceed, it sits there for a while. In my status bar, I see it's trying to
connect to 127.0.0.1, which is no big deal, since it's localhost.

When it eventually times out, my url is now
https://localhost:8080/app/security/login/jsp/login.jsp;jesssionid=sessionid
here

Now, if I change it back to http in the url, and leave the rest, (mainly the
jsessionid), it will redirect fine.

I am running Tomcat 4.0.6.

Also, ran across this in the archives:
http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED]
ache.org&msgId=285554 which had no answer that I could find. His situation
seems close to mine, except for the fact that if I remove auth-constraint, it
breaks the application.

Any thoughts or help on this would be appreciated.


web.xml section:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All Struts Actions</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>Must at least have access to the USER role to gain access</description>
      <role-name>User</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Use a custom form for web container authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/security/logon/jsp/logon.jsp</form-login-page>
      <form-error-page>/security/logon/jsp/logonFailed.jsp</form-error-page>
    </form-login-config>
  </login-config>

server.xml section:

    <Connector
      className         = "org.apache.catalina.connector.http.HttpConnector"
      port              = "8080"
      scheme            = "http"
      secure            = "false"
      minProcessors     = "5"
      maxProcessors     = "75"
      enableLookups     = "true"
      acceptCount       = "10"
      debug             = "0"
      connectionTimeout = "60000"
      redirectPort      = "8443"
    />
    <Connector          
      className         = "org.apache.catalina.connector.http.HttpConnector"
      port              = "8443"
      scheme            = "https"
      secure            = "true"
      minProcessors     = "5"
      maxProcessors     = "75"
      enableLookups     = "true"
      acceptCount       = "10"
      debug             = "0"
      connectionTimeout = "60000"
    >
      <Factory
        className    = "org.apache.catalina.net.SSLServerSocketFactory"
        clientAuth   = "false"
        protocol     = "TLS"
        keystoreFile = "keystore.jks"
        keystorePass = "password"
      />
    </Connector>

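Added example, not part of the original post: a Python check over the connector attributes posted above. It confirms that every non-secure connector's redirectPort names a connector with scheme "https" and secure "true", and tests whether a URL's scheme agrees with the connector listening on its port. The function names are hypothetical, and the XML is trimmed from the post's server.xml to the attributes the check reads.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Connector attributes copied from the server.xml section of the post,
# trimmed to the fields the check reads and wrapped in a root element
# (the <Service> wrapper is an assumption so the fragment parses).
SERVER_XML = """
<Service>
  <Connector port="8080" scheme="http" secure="false" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"/>
  </Connector>
</Service>
"""

def load_connectors(xml_text):
    """Map port -> (scheme, secure, redirectPort or None)."""
    table = {}
    for c in ET.fromstring(xml_text).iter("Connector"):
        redirect = c.get("redirectPort")
        table[int(c.get("port"))] = (
            c.get("scheme", "http"),            # treated as http when absent
            c.get("secure", "false") == "true",
            int(redirect) if redirect else None,
        )
    return table

def redirect_problems(table):
    """Non-secure connectors whose redirectPort is not an https, secure connector."""
    problems = []
    for port, (scheme, secure, redirect) in sorted(table.items()):
        if secure:
            continue
        target = table.get(redirect)
        if target is None or target[0] != "https" or not target[1]:
            problems.append((port, redirect))
    return problems

def url_matches_connector(url, table):
    """True if the URL's scheme agrees with the connector listening on its port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    entry = table.get(port)
    return entry is not None and entry[0] == parts.scheme

if __name__ == "__main__":
    connectors = load_connectors(SERVER_XML)
    print("redirectPort problems:", redirect_problems(connectors))
    for u in ("https://localhost:8443/app", "https://localhost:8080/app"):
        print(u, "->", url_matches_connector(u, connectors))
```

With the posted values the redirectPort check reports nothing, while the URL reported after the timeout pairs the https scheme with port 8080, which server.xml defines as the plain HTTP connector.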