----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
> > But my form post did have the right URL!!! Can anyone tell me what is
> > happening? If you want to try this out, just go to:
> >
> > http://fin.cisti.nrc.ca/rpppv/RPViewDoc?_handler_=HandleInitialGet&journal=cjp
> > &volume=78&articleFile=p99-076.pdf
> >
> > If you can tell me what is going wrong, I would really appreciate
> > it...
>
> Simple...you need to already be in an SSL encrypted page. In other words,
> the page that has that form in it already needs to be encrypted. The <form
> post> is simply a continuation of that SSL encryption.
>
The page with the form that apache complains after its submission IS
in an SSL page:
This first page, A,
http://fin.cisti.nrc.ca/rpppv/RPViewDoc?_handler_=HandleInitialGet&journal=cjp&volume=78&articleFile=p99-076.pdf
creates a button which takes you to an SSL page, B,
https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc
which has a form in it with credit card info. On submission, it should
go to the next page, C,
https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc
but it is at this point apache complain. Try it out. Look at the URLs
and the FORM ACTIONs.
Thanks for any help :-)
-glen
> Return-Path: <[EMAIL PROTECTED]>
> Date: Tue, 16 May 2000 21:51:35 -0400
> From: Glen Newton <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: jserv, apache and ssl
> Reply-To: "Java Apache Users" <[EMAIL PROTECTED]>
> Sender: <[EMAIL PROTECTED]>
> Precedence: Bulk
> List-Software: LetterRip Pro 3.0.7 by Fog City Software, Inc.
> List-Subscribe: <mailto:[EMAIL PROTECTED]>
> List-Digest: <mailto:[EMAIL PROTECTED]>
> List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
>
> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files. Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
>
> Hi,
>
> Our configuration:
> > RH 5.2 Intel
> > JServ 1.1.1b
> > JDK 1.2.2 RC4 Blackdown
> > mod_ssl-2.6.4-1.3.12
> > openssl-0.9.5a
> > apache_1.3.12
>
>
> I am working on a servlet-based interface for the access of the
> Research Press Journals (http://www.nrc.ca/cisti/journals) of the
> National Research Council Canada (for those asking about production sites
> using jserv, ours is one...).
>
> I am running into a problem: the servlet manages access to the
> journal articles (IP and domain site licensing, personal
> subscriptions, and credit card sales "Pay-Per-View"). If your IP is
> covered by an IP or domain site license (checked by the servlet by
> chacking in an LDAP - OpenLDAP), then the servlet gets the PDF for the
> article and sends it to your browser. If it does not, then it presents
> a web page showing one form for subscribers (top half) where they can
> put in their userid/password to the article; or, for users who do not
> fall in to the above categories, a button which takes you to a form
> which allows you to buy that particular article with you credit card.
>
> Now, clearly the credit card form and its subsequent processing should
> occur in an SSL environment. So, the button from the first page is as
> follows:
>
> <form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
> accept-charset="ISO-8859-1"
> enctype="application/x-www-form-urlencoded" method="POST">
>
> This will prompt you to accept the certificate (we are our own
> signing authority) and then presents you with the form to fill in your
> credit card info. This form has the following form:
>
> <form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
> accept-charset="ISO-8859-1"
> enctype="application/x-www-form-urlencoded" method="POST">
>
> However, when this form is submitted, Apache is not happy and
> redirects you to an insecure page saying:
>
> > Bad Request
> >
> > Your browser sent a request that this server could not understand.
> >
> > Reason: You're speaking plain HTTP to an SSL-enabled server port.
> > Instead use the HTTPS scheme to access this URL, please.
> >
> > Hint: https://fin.cisti.nrc.ca:443/
> >
> >
> > Apache/1.3.12 Server at fin.cisti.nrc.ca Port 443
> >
>
> But my form post did have the right URL!!! Can anyone tell me what is
> happening? If you want to try this out, just go to:
>
>
>http://fin.cisti.nrc.ca/rpppv/RPViewDoc?_handler_=HandleInitialGet&journal=cjp&volume=78&articleFile=p99-076.pdf
>
> If you can tell me what is going wrong, I would really appreciate
> it...
>
> thanks,
>
> glen
>
> PS. Here is a portion of my httpd.conf (pretty vanilla)...:
>
> > # Port: The port to which the standalone server listens. For
> > # ports < 1023, you will need httpd to be run as root initially.
> > #
> > Port 80
> >
> > ##
> > ## SSL Support
> > ##
> > ## When we also provide SSL we have to listen to the
> > ## standard HTTP port (see above) and to the HTTPS port
> > ##
> > <IfDefine SSL>
> > Listen 80
> > Listen 443
> > </IfDefine>
>
>
>
>
>
>
>
>
>
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
>
>
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
