I'm happy you guys figured this out - great job. Can I bother you with a similar question? Please take a look at this forum message I posted: http://main.jboss.org/thread.jsp?forum=50&thread=7343
It's similar but with Apache1.3->Tomcat3->JBoss2.4 instead of Catalina->JBoss2.4. Thanks, David -- Thomas Clouser wrote: >Alain, > >Thanks a million, it worked like a charm. I will repost your answer to the >Forum (threaded discussion group) at http://www.jboss.org . > >Thanks, > >Tom. > >PS How did you ever decide to look at jboss.properties? > > >----- Original Message ----- >From: "Coetmeur, Alain" <[EMAIL PROTECTED]> >To: "'Gerry Duhig'" <[EMAIL PROTECTED]>; ><[EMAIL PROTECTED]> >Cc: "'Thomas Clouser'" <[EMAIL PROTECTED]> >Sent: Friday, January 25, 2002 1:00 PM >Subject: RE: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection > > >>For your information, >>afeter many patches , >>I get it to work... >> >>the problem was quite stupid, but hard to guess >>without the debug mode of catalina: >> >>you have to configure the support of HTTPS URL... >>ie add to jboss.properties the line: >>#JSSE https URL support >>java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol >> >>this should be stored in a FAQ or in a cookbook >> >>then the redirectport of catalina works... >> >>that's magic.... >> >> >> >>I've made many patches, to support redirectPort parameter, >>to add a "none" type of connector so you can >>create all from the config attribute, >>to support xerces and any XML parser... >> >>but for your needs you have nothing to change, since >>you can configure a secure HTTP connector as the default >>connector, and add an HTTP connector that have >>a redirectport to the secure port... >> >> >>now I use this test config that >>define 2 http/https pair of connector, but one pait is enough for you >> >> <!-- Embedded Tomcat 4.x - JBossSX SecurityDomain >> >(JaasSecurityDomain) --> > >> <mbean code="org.jboss.security.plugins.JaasSecurityDomain" >> name="Security:name=JaasSecurityDomain,domain=tomcat"> >> <constructor> >> <arg type="java.lang.String" value="tomcat" /> >> </constructor> >> <attribute name="KeyStoreURL">../conf/tomcat.jks</attribute> >> <attribute name="KeyStorePass">changeit</attribute> >> </mbean> >> >> >> <!-- Uncomment to add embedded catalina service --> >> <mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX" >>name="DefaultDomain:service=EmbeddedTomcat" > >> <attribute name="ConnectorType">http</attribute> >> >> <!-- an HTTP connector associated with an HTTPS configured in the >> >config > >>attribute --> >> <!--attribute name="Port">80</attribute> >> <attribute name="RedirectPort">443</attribute --> >> >> <!-- an HTTPS connector associated with an HTTP configured in the >> >config > >>attribute, >> redirectPort should be set there --> >> <attribute name="Port">443</attribute> >> <attribute name="SecurityDomain">java:/jaas/tomcat</attribute> >> >> <attribute name="Config"> >> <Connector >>className="org.apache.catalina.connector.http.HttpConnector" >> port="80" minProcessors="5" maxProcessors="75" >> enableLookups="true" redirectPort="443" >> acceptCount="10" debug="1" connectionTimeout="60000"/> >> </attribute> >> <attribute name="Config"> >> <Server > >> <Service > >> <!-- an HTTPS connector associated with an HTTP which should set >>redirectPort there --> >> <!-- Connector >> className="org.apache.catalina.connector.http.HttpConnector" >> port="443" minProcessors="5" maxProcessor="75" acceptCount="10" >> enableLookups="true" scheme="https" secure="true" > >> <Factory >>className="org.jboss.web.catalina.security.SSLServerSocketFactory" >> securityDomainName="java:/jaas/tomcat" clientAuth="false" >>protocol="TLS" /> >> </Connector --> >> <!-- an HTTP connector redirecting to an HTTPS which can be >>configures as the def connector --> >> <Connector >> className="org.apache.catalina.connector.http.HttpConnector" >> port="80" minProcessors="5" maxProcessor="75" acceptCount="10" >> enableLookups="true" redirectPort="443" scheme="http" >>secure="false" /> >> <!-- a pair of HTTP/HTTPS connectors should be used with the >> >"none" > >>ConnectorType --> >> <Connector >>className="org.apache.catalina.connector.http.HttpConnector" >> port="8080" minProcessors="5" maxProcessors="75" >> enableLookups="true" redirectPort="8443" >> acceptCount="10" debug="0" connectionTimeout="60000"/> >> <Connector >> className="org.apache.catalina.connector.http.HttpConnector" >> port="8443" minProcessors="5" maxProcessor="75" acceptCount="10" >> enableLookups="true" scheme="https" secure="true" > >> <Factory >>className="org.jboss.web.catalina.security.SSLServerSocketFactory" >> securityDomainName="java:/jaas/tomcat" clientAuth="false" >>protocol="TLS" /> >> </Connector> >> </Service> >> </Server> >> </attribute> >> </mbean> >> >> >> >>>-----Message d'origine----- >>>De: Gerry Duhig [mailto:[EMAIL PROTECTED]] >>>Date: lundi 21 janvier 2002 10:54 >>>À: Thomas Clouser; [EMAIL PROTECTED] >>>Objet: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection >>> >>> >>>Have we got any further with this? I have the same problem. I >>>MUST have the >>>redirect working when I use a transport guarantee otherwise >>>my whole site >>>architecture goes out the window! >>> >>>Gerry >>> >>>----- Original Message ----- >>>From: "Thomas Clouser" <[EMAIL PROTECTED]> >>>To: <[EMAIL PROTECTED]> >>>Sent: Wednesday, January 16, 2002 3:41 PM >>>Subject: Re: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port >>>redirection >>> >>> >>>>Alain, >>>> >>>>Yes, I do have the docs, as mentioned in the original >>>> >>>post. (Note the >>> >>>>document has significant error - it should be <attribute >>>> >>>name="Config"> >>> >>>></attribute>, not <config></config>. This was solved over >>>> >>>the past weeks >>> >>>>on the jboss forum [which is currently down :-( ].) >>>> >>>>Yes, I have tried a bit of trickery with the "Config" >>>> >>>attribute of the >>> >>>>EmbeddedCatalinaServiceSX. >>>> >>>> I have SSL and Non-SSL working fine. >>>> >>>>What I do not have (which Tomcat supports in Standalone) is >>>> >>>automatic >>> >>>>redirection to the SSL port when a url pattern with a >>>> >>>transport guarantee >>>of >>> >>>>CONFIDENTIAL or INTEGRAL is requested over http. Again, >>>> >>>this is handled >>>by >>> >>>>the redirectPort attribute of the connector under Tomcat. >>>> >>>But according >>>to >>> >>>>the docs, this is not an available attribute for the >>>>EmbeddedCatalinaServiceSX. >>>> >>>>What I need to know (from whomever wrote the >>>> >>>EmbeddedCatalinaServiceSX), >>> >>>>does it actually support the concept of the redirectPort (see Tomcat >>>> >>>config >>> >>>>docs)? Or in wrapping tomcat, was this feature lost? >>>> >>>>Yes, I know I could look at the code, but at that point the cost of >>>>configuring the server becomes too high. >>>> >>>>Thanks for your suggestions, >>>> >>>>TC >>>> >>>> >>>>----- Original Message ----- >>>>From: "Coetmeur, Alain" <[EMAIL PROTECTED]> >>>>Sent: Wednesday, January 16, 2002 10:04 AM >>>>Subject: RE: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port >>>> >>>redirection >>> >>>> >>>>In fact this is documentend in the >>>>(cheap 10$) commercial dcumentation of jboss2.4.4 >>>> >>>>http://www.flashline.com/Components/View.jsp?prodid=4375 >>>> >>>>if you can, buy it, it is worth it... >>>> >>>>there a 3 way to support SSL, one set the catalina engine >>>>to serve only SSL and uses JAAS Mbean, >>>>a second is similar to the one documented in catalina documentation, >>>>and the third uses a jboss SSL socket factory and uses the >>>> >>>JAAS MBEAN >>> >>>>which is documented in this book... >>>> >>>><server> >>>>... >>>><!-- The SSL domain setup --> >>>><mbean code="org.jboss.security.plugins.JaasSecurityDomain" >>>>name="Security:name=JaasSecurityDomain,domain=RMI+SSL"> >>>><constructor> >>>><arg type="java.lang.String" value="RMI+SSL"/> >>>></constructor> >>>><attribute name="KeyStoreURL">chap8.keystore</attribute> >>>><attribute name="KeyStorePass">rmi+ssl</attribute> >>>></mbean> >>>>... >>>><!-- The embedded Tomcat-4.x setup with non-SSL and SSL HTTP >>>>connectors enabled --> >>>><mbean code="org.jboss.web.catalina.EmbeddedCatalinaServiceSX" >>>>10 INTEGRATING SERVLET CONTAINERS >>>>namain:service=EmbeddedTomcat"> >>>><config> >>>><Connector >>>>className="org.apache.catalina.connector.http.HttpConnector" >>>>port="8443" minProcessors="5" maxProcessors="75" >>>>enableLookups="true" >>>>acceptCount="10" scheme="https" secure="true"> >>>><Factory >>>>className="org.jboss.web.catalina.security.SSLServerSocketFactory" >>>>securityDomainName="java:/jaas/RMI+SSL"/> >>>></Connector> >>>></config> >>>></mbean> >>>></server> >>>> >>>>to be honnest, It is not evident to understand what this >>>> >>>does without >>> >>>>the doc... >>>> >>>>I'm really happy with this doc, event If I paid from >>>>my pocket because my online transaction cannot be >>>>accepted by my accounters in my company. >>>>Anyway this is only because we don't have opened a corporate >>>>account on flashline >>>>http://www.flashline.com/aboutus/caccount.jsp >>>>(stupid was I 8> ) >>>> >>>> >>>> >>>>-----Message d'origine----- >>>>De: Thomas Clouser [mailto:[EMAIL PROTECTED]] >>>>Date: mercredi 16 janvier 2002 05:21 >>>>: [EMAIL PROTECTED] >>>>Objet: [JBoss-user] JBoss2.4.4+Tomcat4.0.1 w/SSL port redirection >>>> >>>> >>>>From what I can see (docs, mailing list archive), the >>>>EmbeddedCatalinaServiceSX MBean does not provide the >>>> >>>necessary attribute >>> >>>>(and perhaps support code) to support port redirection. >>>> >>>>This functionality is supported by the redirectPort attribute of the >>>>connector setup for http in Tomcat 4.x (standalone). The >>>> >>>value given for >>> >>>>this attribute would be the port number for https. >>>> >>>>This would allow for the automatic redirection of request >>>> >>>whose content >>>(url >>> >>>>pattern) had a transport guarantee of CONFIDENTIAL or INTEGRAL. >>>> >>>>Does anyone have a workaround for this? >>>> >>>>TIA, >>>> >>>>TC >>>> >>>> >>>> >>>>_______________________________________________ >>>>JBoss-user mailing list >>>>[EMAIL PROTECTED] >>>>https://lists.sourceforge.net/lists/listinfo/jboss-user >>>> >>> >>>_______________________________________________ >>>JBoss-user mailing list >>>[EMAIL PROTECTED] >>>https://lists.sourceforge.net/lists/listinfo/jboss-user >>> > > >_______________________________________________ >JBoss-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/jboss-user > _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
