John,
It is mounted via mod_jk, a connector which allows apache to communicate
with tomcat directly. I left that out, those details are available in
tomcat's server.xml. There are two configurations that you are hearing
back from Larry Stone and myself about.
1.) Use Apache and mod_jk in front of tomcat to handle http/https
requests. In which apache handles which port a request goes to ala
URL Rewrites/Redirects, tomcat listens via the mod_jk/ajp connector
for requests. This is the solution usually taken in production
environments running tomcat. It allows the System Administrator to
control the entire request process and its behavior. There are many
"mods" in Apache that can do things like bandwidth filtering,
redirecting and URL rewriting which are difficult if not impossible
to find for Tomcat directly. This solution does not require having to
recompile the dspace web application to administer these aspects, it
allows your System Admin to take control in this area while your
application developers deal with the web-application side.
2.) Use Tomcat to directly serve http/https and security constraints.
This requires rebuilding the war (or just editing the security
constraint in web.xml) to enforce this restriction. Note, you have to
open tomcat up on two ports, http and https. You also need to hack the
JSPs to redirect you back out of https after your user is leaving a
protected area.
This is why I choose the former solution, it is always in the hands
of the system administrator, who is the expert in this area and
actually needs to control these security aspects of a service as the
responsibility of his/her position. It requires zero modification of
the DSpace web-application JSPs and configuration and thus is very
easy to maintain across dspace upgrades. Each solution has its
nuances and complexities. You'll need to evaluate for yourself, which
seems most appropriate for your taste and situation.
-Mark Diggory
On Jan 24, 2007, at 3:19 PM, John Preston wrote:
I see that you are redirecting to the apache https service. Where
is the tomcat server, I presume on 84343 port.
John
On 1/24/07, Mark Diggory < [EMAIL PROTECTED]> wrote:
We accomplish this within our Apache httpd service in front of
Tomcat. Basically I use mod_rewrite to force specific URLs into
http or https, for example:
## SSL Virtual Host Context
<VirtualHost 18.51.3.31:443>
...
RewriteEngine on
## Anything that is not a login URL is redirected back to plain http
RewriteCond %{REQUEST_URI} !^/certificate-login.*
RewriteCond %{REQUEST_URI} !^/password-login.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R]
...
</VirtualHost>
## Non-SSL Virtual Host Context
<VirtualHost 18.51.3.31:80>
...
RewriteEngine on
## Login URLs are redirected to https
RewriteCond %{REQUEST_URI} ^/certificate-login.* [OR]
RewriteCond %{REQUEST_URI} ^/password-login.*
RewriteRule ^/(.*) https://%{HTTP_HOST}:443/$1 [L,R]
...
</VirtualHost>
-Mark
On Jan 24, 2007, at 2:15 PM, John Preston wrote:
Can anyone tell me if it is possible to use https for just the
login steps and regular unsecured http to access my dspace site. I
need to secure the login username/password phase but once logged
in I want to use the regular http so it is as fast as possible.
Mark R. Diggory
~~~~~~~~~~~~~
DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology
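Added example (not part of the original thread or of DSpace): a small Python model of the two rewrite rule sets quoted above, for checking which scheme a given path settles on and that the paired http/https redirects cannot loop. The host name and sample paths are constructed, and the evaluator covers only the directives used in the thread (negated conditions, [OR], %{HTTP_HOST} and $1).

```python
import re

# Rule sets transcribed from the two <VirtualHost> blocks in the thread.
# Each condition is (pattern, negated, or_next); the rule is (pattern, substitution).
HTTPS_VHOST = {
    "conds": [(r"^/certificate-login.*", True, False),
              (r"^/password-login.*", True, False)],
    "rule": (r"^/(.*)", "http://%{HTTP_HOST}/$1"),
}
HTTP_VHOST = {
    "conds": [(r"^/certificate-login.*", False, True),
              (r"^/password-login.*", False, False)],
    "rule": (r"^/(.*)", "https://%{HTTP_HOST}:443/$1"),
}

def conds_hold(conds, uri):
    """Evaluate a RewriteCond chain: conditions are ANDed unless flagged [OR]."""
    result, group = True, False  # group accumulates one run of [OR]-linked conditions
    for pattern, negated, or_next in conds:
        hit = bool(re.search(pattern, uri)) != negated
        group = group or hit
        if not or_next:          # end of an OR-group: AND it into the result
            result, group = result and group, False
    return result

def redirect_target(vhost, host, uri):
    """Return the Location the vhost would redirect to, or None if served in place."""
    pattern, subst = vhost["rule"]
    m = re.search(pattern, uri)
    if not m or not conds_hold(vhost["conds"], uri):
        return None
    return subst.replace("%{HTTP_HOST}", host).replace("$1", m.group(1))

def follow(scheme, host, uri, max_hops=5):
    """Follow redirects between the two vhosts; return (final_scheme, hops)."""
    hops = 0
    while hops < max_hops:
        vhost = HTTPS_VHOST if scheme == "https" else HTTP_VHOST
        target = redirect_target(vhost, host, uri)
        if target is None:
            return scheme, hops
        scheme = target.split("://", 1)[0]
        hops += 1
    raise RuntimeError("redirect loop")

if __name__ == "__main__":
    # Constructed host and paths, for illustration only.
    for scheme, uri in [("http", "/password-login"), ("https", "/some/item")]:
        print(scheme, uri, "->", follow(scheme, "dspace.example.org", uri))
```

Because the patterns are anchored only at the start, any path that begins with /password-login or /certificate-login is treated as a login URL.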
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech