----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Hi,
Our configuration:
> RH 5.2 Intel
> JServ 1.1.1b
> JDK 1.2.2 RC4 Blackdown
> mod_ssl-2.6.4-1.3.12
> openssl-0.9.5a
> apache_1.3.12
I am working on a servlet-based interface for the access of the
Research Press Journals (http://www.nrc.ca/cisti/journals) of the
National Research Council Canada (for those asking about production sites
using jserv, ours is one...).
I am running into a problem: the servlet manages access to the
journal articles (IP and domain site licensing, personal
subscriptions, and credit card sales "Pay-Per-View"). If your IP is
covered by an IP or domain site license (checked by the servlet by
chacking in an LDAP - OpenLDAP), then the servlet gets the PDF for the
article and sends it to your browser. If it does not, then it presents
a web page showing one form for subscribers (top half) where they can
put in their userid/password to the article; or, for users who do not
fall in to the above categories, a button which takes you to a form
which allows you to buy that particular article with you credit card.
Now, clearly the credit card form and its subsequent processing should
occur in an SSL environment. So, the button from the first page is as
follows:
<form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
accept-charset="ISO-8859-1"
enctype="application/x-www-form-urlencoded" method="POST">
This will prompt you to accept the certificate (we are our own
signing authority) and then presents you with the form to fill in your
credit card info. This form has the following form:
<form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
accept-charset="ISO-8859-1"
enctype="application/x-www-form-urlencoded" method="POST">
However, when this form is submitted, Apache is not happy and
redirects you to an insecure page saying:
> Bad Request
>
> Your browser sent a request that this server could not understand.
>
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
>
> Hint: https://fin.cisti.nrc.ca:443/
>
>
> Apache/1.3.12 Server at fin.cisti.nrc.ca Port 443
>
But my form post did have the right URL!!! Can anyone tell me what is
happening? If you want to try this out, just go to:
http://fin.cisti.nrc.ca/rpppv/RPViewDoc?_handler_=HandleInitialGet&journal=cjp&volume=78&articleFile=p99-076.pdf
If you can tell me what is going wrong, I would really appreciate
it...
thanks,
glen
PS. Here is a portion of my httpd.conf (pretty vanilla)...:
> # Port: The port to which the standalone server listens. For
> # ports < 1023, you will need httpd to be run as root initially.
> #
> Port 80
>
> ##
> ## SSL Support
> ##
> ## When we also provide SSL we have to listen to the
> ## standard HTTP port (see above) and to the HTTPS port
> ##
> <IfDefine SSL>
> Listen 80
> Listen 443
> </IfDefine>
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
