Hi Urban,
> Is anyone here successfully using Apache httpd/mod_jk as a frontend to
> Tomcat AND the <security constraint> directive in dspace-web.xml (to
> restrict the use of SSL to certain services only)?
> And would anyone like to share an example of how exactly this is set up?

The way we do it (might not be optimal, but seems to work well) is to use
Apache to do the secure side of things, and just run Tomcat unsecured. So we
map the login page (in our case the LDAP login page, but you could use the
password login page) to SSL, and everything else to non-SSL.

We achieve this in our Apache vhost configuration using:

    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/dspace/ldap-login.*
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
    SSLEngine off

This redirects traffic which matches the LDAP login page to the SSL
alternative.

To change the user back again, we have the opposite in our SSL vhost config:

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/dspace/ldap-login.*
    RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R]

I hope this helps,

Stuart
_________________________________________________________________
Gwasanaethau Gwybodaeth Information Services
Prifysgol Aberystwyth Aberystwyth University
E-bost / E-mail: [EMAIL PROTECTED]
Ffon / Tel: (01970) 622860
_________________________________________________________________
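
Added example, not part of Stuart's message and not DSpace or Apache code: a small Python model of the two rule sets above, to check which requests end up on which scheme and that the two vhosts cannot redirect each other in a loop. The host name and sample paths are constructed; the model assumes default mod_rewrite behaviour (case-sensitive match, REQUEST_URI without the query string, query string re-appended on redirect).

```python
import re

# Condition shared by both vhosts in the message (case-sensitive, no [NC]).
LOGIN = re.compile(r"^/dspace/ldap-login.*")

# scheme of the vhost -> (redirect when the condition matches?, target scheme)
VHOSTS = {
    "http": (True, "https"),    # RewriteCond  ^/dspace/ldap-login.*  -> https
    "https": (False, "http"),   # RewriteCond !^/dspace/ldap-login.*  -> http
}


def rewrite(scheme, host, path, query=""):
    """Return the Location the vhost would redirect to, or None if it serves the request."""
    redirect_on_match, target = VHOSTS[scheme]
    # REQUEST_URI is the URL path only; the query string is not part of the test.
    if bool(LOGIN.search(path)) != redirect_on_match:
        return None
    # RewriteRule ^/(.*) captures the path; mod_rewrite re-appends the query string.
    rest = re.match(r"^/(.*)", path).group(1)
    return f"{target}://{host}/{rest}" + (f"?{query}" if query else "")


def settle(scheme, host, path, query="", max_hops=4):
    """Follow redirects between the two vhosts; return (final scheme, hops taken)."""
    for hops in range(max_hops + 1):
        location = rewrite(scheme, host, path, query)
        if location is None:
            return scheme, hops
        scheme = location.split("://", 1)[0]
    raise RuntimeError(f"redirect loop for {path}")


if __name__ == "__main__":
    host = "repo.example.org"  # constructed host name
    for start, path in [  # constructed sample requests
        ("http", "/dspace/ldap-login"),
        ("https", "/dspace/ldap-login"),
        ("https", "/dspace/browse"),
        ("http", "/dspace/password-login"),
        ("http", "/dspace/LDAP-login"),
    ]:
        print(start, path, "->", settle(start, host, path))
```

Under these rules /dspace/password-login stays on plain HTTP, so a site using the password login page has to change the pattern in both vhosts.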