Redirect HTTP to HTTPS
I know I can redirect HTTP to HTTPS by adding: user-data-constraint transport-guarantee CONFIDENTIAL /transport-guarantee /user-data-constraint to my web.xml but the problem is that this does not redirect when someone just goes to a directory path. I would like http://servername/ to redirect to https://servername/ Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Redirect HTTP to HTTPS
Just create a filter (mapping it to /* for example so it gets applied to all requests), test for a secure connection with request.isSecure(), and if it isn't, redirect using response.sendRedirect. Martin Faine, Mark wrote: I know I can redirect HTTP to HTTPS by adding: user-data-constraint transport-guarantee CONFIDENTIAL /transport-guarantee /user-data-constraint to my web.xml but the problem is that this does not redirect when someone just goes to a directory path. I would like http://servername/ to redirect to https://servername/ Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: How to redirect http to https automatically?
Hello, I believe all but your third example is correct. I am pretty sure that a cookie set for www.domaina.com will be sent to that same domain if it's in http or https. However, if the cookie is marked as secure, it will only be sent under https. This is what has caused the problem. I still don't know why the Tomcat team decided to take out the configurable option of forcing session cookies that were created under https to be secure or not. (I understand that it makes a good default, from a security point of view. But for those that are aware of the security implications, we no longer have the option to turn it off.) This has caused a problem for many people, and has come up in numerous threads since this change was made in the Tomcat 4.x line. (Or perhaps, the configurable option was added to the 3.x line, and never added to the 4.x and 5.x lines?) http://www.junlu.com/msg/49789.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg83724.html http://archives.real-time.com/pipermail/tomcat-devel/2001-October/024544.html Thanks, -Raiden Johnson On Sat, 16 Oct 2004, Steffen Heil wrote: Hi Actually, I'm a big advocate against staying in HTTPS, because of the overhead. However, this is a problem with Tomcat, because in the 4.x and 5.x lines it was decided by someone that if a session started in HTTPS it is only valid in HTTPS (basically, the session cookie is turned into a secure cookie only). I do not understand this. I always thought cookies where only valid for ONE domain and ONE Protocol, so the following would be pairwise different and thus cannot share a cookie: http://www.domaina.com http://www.domainb.com http://www.domaina.com http://domainb.com http://www.domaina.com https://www.domaina.com Is my view wrong? Is there a way to reattach a session to a request, if the old sessionID is kown? Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: How to redirect http to https automatically?
Hi Actually, I'm a big advocate against staying in HTTPS, because of the overhead. However, this is a problem with Tomcat, because in the 4.x and 5.x lines it was decided by someone that if a session started in HTTPS it is only valid in HTTPS (basically, the session cookie is turned into a secure cookie only). I do not understand this. I always thought cookies where only valid for ONE domain and ONE Protocol, so the following would be pairwise different and thus cannot share a cookie: http://www.domaina.com http://www.domainb.com http://www.domaina.com http://domainb.com http://www.domaina.com https://www.domaina.com Is my view wrong? Is there a way to reattach a session to a request, if the old sessionID is kown? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Re: How to redirect http to https automatically?
I don't know the answer to that. It's unlikely, though. You could put something like Apache in the front and use URL rewriting, which can basically force any URL with a given pattern to be redirected, either forcing HTTP or HTTPS and doing the redirect only when the scheme is not what you want. In general, though, when you know you are shifting between secure and insecure, you should perhaps create URLs that make this explicit. In general, you enter a secure mode when starting a secure set of transactions, and then switch back when you are done. Of course, you could just stay with HTTPS once they enter secure mode since securing the communications may have overhead, but it adds privacy. David - Original Message - From: Antony Paul [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; David Wall [EMAIL PROTECTED] Sent: Thursday, October 14, 2004 9:42 PM Subject: Re: How to redirect http to https automatically? Is it possible to switch from https to http using this kind of configuration ? I tried with NONE for user constraint but it still remains in https. rgds Antony Paul On Thu, 14 Oct 2004 08:40:31 -0700, David Wall [EMAIL PROTECTED] wrote: This is part of the servlet specs. In your WEB-INF/web.xml file, you need a security constraint that says the site should be secure, something like: security-constraint web-resource-collection web-resource-nameEntire site/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint The confidential keyword ensures that the webapp will require https, so if you try to get it via http, then the redirect stuff specifed in your server.xml will be applied. David - Original Message - From: Won Sim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 13, 2004 8:13 AM Subject: How to redirect http to https automatically? I set redirectPort attribute to 443, which is my SSL connector port number, from port 80 connector in the server.xml. This doesn't redirect http to https automatically. In other words, I still can access the application via http://server/myapp. I want to know how to redirect http to https automatically so when I enter http://server/myapp, Tomcat redirects to htts://server/myapp. I am using Tomcat 4.1.30. Thanks in advance. Won. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to redirect http to https automatically?
Actually, I'm a big advocate against staying in HTTPS, because of the overhead. However, this is a problem with Tomcat, because in the 4.x and 5.x lines it was decided by someone that if a session started in HTTPS it is only valid in HTTPS (basically, the session cookie is turned into a secure cookie only). There have been threads on this in the past, where myself and others asked why this behavior was changed in Tomcat 4.x and Tomcat 5.x (there used to be an option as to whether or not the sessions would be secure only if they were started in HTTPS), and the general consensus seemed to be that it was best to do it this way so developers don't make mistakes. In general, with other application servers, if you're switching between HTTP and HTTPS, you just have to make sure that: 1. Any page that requires privacy is in HTTPS 2. That you drop a secure cookie under HTTPS the first time someone logs in, so that that cookie is only returned when they view HTTPS pages. That will protect them from being session hijacked. (They can still be session hijacked using their jsessionid on HTTP pages, but that is always the case. But, noone will be able to view their HTTPS pages using the jsessionid unless they also have that secure cookie.) As it stands, each time a new version of Tomcat comes out, I have to hack away at the connector code to turn off the forced HTTPS session behavior. I haven't felt competent enough to submit a patch to the Tomcat code to try and restore the 3.x option for this, but hopefully I will soon. =P Thanks, -Raiden Johnson On Fri, 15 Oct 2004, David Wall wrote: I don't know the answer to that. It's unlikely, though. You could put something like Apache in the front and use URL rewriting, which can basically force any URL with a given pattern to be redirected, either forcing HTTP or HTTPS and doing the redirect only when the scheme is not what you want. In general, though, when you know you are shifting between secure and insecure, you should perhaps create URLs that make this explicit. In general, you enter a secure mode when starting a secure set of transactions, and then switch back when you are done. Of course, you could just stay with HTTPS once they enter secure mode since securing the communications may have overhead, but it adds privacy. David - Original Message - From: Antony Paul [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; David Wall [EMAIL PROTECTED] Sent: Thursday, October 14, 2004 9:42 PM Subject: Re: How to redirect http to https automatically? Is it possible to switch from https to http using this kind of configuration ? I tried with NONE for user constraint but it still remains in https. rgds Antony Paul On Thu, 14 Oct 2004 08:40:31 -0700, David Wall [EMAIL PROTECTED] wrote: This is part of the servlet specs. In your WEB-INF/web.xml file, you need a security constraint that says the site should be secure, something like: security-constraint web-resource-collection web-resource-nameEntire site/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint The confidential keyword ensures that the webapp will require https, so if you try to get it via http, then the redirect stuff specifed in your server.xml will be applied. David - Original Message - From: Won Sim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 13, 2004 8:13 AM Subject: How to redirect http to https automatically? I set redirectPort attribute to 443, which is my SSL connector port number, from port 80 connector in the server.xml. This doesn't redirect http to https automatically. In other words, I still can access the application via http://server/myapp. I want to know how to redirect http to https automatically so when I enter http://server/myapp, Tomcat redirects to htts://server/myapp. I am using Tomcat 4.1.30. Thanks in advance. Won. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: How to redirect http to https automatically?
This is part of the servlet specs. In your WEB-INF/web.xml file, you need a security constraint that says the site should be secure, something like: security-constraint web-resource-collection web-resource-nameEntire site/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint The confidential keyword ensures that the webapp will require https, so if you try to get it via http, then the redirect stuff specifed in your server.xml will be applied. David - Original Message - From: Won Sim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 13, 2004 8:13 AM Subject: How to redirect http to https automatically? I set redirectPort attribute to 443, which is my SSL connector port number, from port 80 connector in the server.xml. This doesn't redirect http to https automatically. In other words, I still can access the application via http://server/myapp. I want to know how to redirect http to https automatically so when I enter http://server/myapp, Tomcat redirects to htts://server/myapp. I am using Tomcat 4.1.30. Thanks in advance. Won. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to redirect http to https automatically?
Is it possible to switch from https to http using this kind of configuration ? I tried with NONE for user constraint but it still remains in https. rgds Antony Paul On Thu, 14 Oct 2004 08:40:31 -0700, David Wall [EMAIL PROTECTED] wrote: This is part of the servlet specs. In your WEB-INF/web.xml file, you need a security constraint that says the site should be secure, something like: security-constraint web-resource-collection web-resource-nameEntire site/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint The confidential keyword ensures that the webapp will require https, so if you try to get it via http, then the redirect stuff specifed in your server.xml will be applied. David - Original Message - From: Won Sim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 13, 2004 8:13 AM Subject: How to redirect http to https automatically? I set redirectPort attribute to 443, which is my SSL connector port number, from port 80 connector in the server.xml. This doesn't redirect http to https automatically. In other words, I still can access the application via http://server/myapp. I want to know how to redirect http to https automatically so when I enter http://server/myapp, Tomcat redirects to htts://server/myapp. I am using Tomcat 4.1.30. Thanks in advance. Won. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Redirect HTTP to HTTPS?
How do you redirect HTTP to HTTPS in a Tomcat Standalone configuration (no Apache WS)? This configuration serves static web content on port 80 and JSP/Java Servlets on port 8080. I would like requests coming in on port 80 to be routed to HTTPS automatically. Although the HTTP connectors are configured to redirect to port 8443, it's not working. I tried adding a security-constraint parameter to $CATALINA_HOME/conf/web.xml and set the transport to CONFIDENTIAL, but that didn't work. Any ideas? (P.S.) Could the directory structure for the web app be the cause of the problem (i.e. there is no /WEB-INF folder)? Latesha Williams Applications Support, Information Technology American Museum of Natural History [EMAIL PROTECTED] (W) 212.769.5947 (C) 917.837.2460 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Redirect HTTP to HTTPS?
Howdy, A webapp must have a WEB-INF folder. It's a good idea to put a web.xml file there, even if it only has the webapp / element in it. You'd like all port 80 requests (both HTTP and HTTPS) routed to port 8443? Yoav Shapira Millennium ChemInformatics -Original Message- From: Latesha Williams [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 11:26 AM To: Tomcat Users List Subject: Redirect HTTP to HTTPS? Importance: High How do you redirect HTTP to HTTPS in a Tomcat Standalone configuration (no Apache WS)? This configuration serves static web content on port 80 and JSP/Java Servlets on port 8080. I would like requests coming in on port 80 to be routed to HTTPS automatically. Although the HTTP connectors are configured to redirect to port 8443, it's not working. I tried adding a security-constraint parameter to $CATALINA_HOME/conf/web.xml and set the transport to CONFIDENTIAL, but that didn't work. Any ideas? (P.S.) Could the directory structure for the web app be the cause of the problem (i.e. there is no /WEB-INF folder)? Latesha Williams Applications Support, Information Technology American Museum of Natural History [EMAIL PROTECTED] (W) 212.769.5947 (C) 917.837.2460 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
redirect http to https???
Hi I implemented SSL . If i brows particular http, it shold redirect to https page. How to do this.How to redirect http page to https page?? Regards Tomcat _ Any Opinions, explicit or implied, are solely those of the author and do not necessarily represent those of Questech. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: redirect http to https???
http://tomcatfaq.sourceforge.net/security.html -Tim tomcat wrote: Hi I implemented SSL . If i brows particular http, it shold redirect to https page. How to do this.How to redirect http page to https page?? Regards Tomcat - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: automatically redirect http to https in tomcat
[EMAIL PROTECTED] wrote: Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Yes, I do it! What needs to be remembered is that since you are doing the SSL bit in Apache, you don't use the 'transport guarantee' thang in Tomcat (which is how Tomcat 'knows' it has to switch to HTTPS). SO, on my site, I have an unprotected home page .../drs/home with a link to the protected home page .../drs/private/home. Along the way, Tomcat authenticates the user via my login form .../drs/login. The login form (and every subsequent page of course) needs to be SSL-encrypted. So, here's how I do this in httpd.conf... VirtualHost macx.ei.jrc.it ServerName macx.ei.jrc.it hostname:/drs # Redirect Tomcat's http:.../login request to https:.../login # Redirect /drs/login https://macx.ei.jrc.it/drs/login Redirect /drs/private/home https://macx.ei.jrc.it/drs/private/home # Static files Alias /drs /usr/local/tomcat/webapps/drs Directory /usr/local/tomcat/webapps/drs Options Indexes FollowSymLinks DirectoryIndex web/index.html /Directory # Deny direct access to WEB-INF and META-INF # Location /drs/WEB-INF/* AllowOverride None deny from all /Location Location /drs/META-INF/* AllowOverride None deny from all /Location JkMount /drs/home ajp13 JkMount /drs/auth_error ajp13 JkMount /drs/login_error ajp13 /VirtualHost VirtualHost macx.ei.jrc.it:443 # General setup for the virtual host DocumentRoot /usr/local/apache2/htdocs ServerName macx.ei.jrc.it:443 ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error_log TransferLog logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache2/conf/ssl.crt/macx.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/macx-private.key Files ~ /drs/login SSLOptions +StdEnvVars /Files Directory /drs/private SSLOptions +StdEnvVars /Directory SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b macx.ei.jrc.it/drs # Static files Alias /drs /usr/local/tomcat/webapps/drs Directory /usr/local/tomcat/webapps/drs Options Indexes FollowSymLinks DirectoryIndex /web/index.html /Directory # Deny direct access to WEB-INF and META-INF # Location /drs/WEB-INF/* AllowOverride None deny from all /Location Location /drs/META-INF/* AllowOverride None deny from all /Location JkMount /drs/j_security_check ajp13 JkMount /drs/private/* ajp13 JkMount /drs/auth_error ajp13 JkMount /drs/login ajp13 /VirtualHost HTH Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
automatically redirect http to https in tomcat
Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing
Re: automatically redirect http to https in tomcat
The only way I can think of to do that is to mirror your secure content with nonsecure matching pages with either META or Javascript redirects, or using JSP (PHP and other server-side languages could do it too) to do a header write. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 4:11 PM Subject: automatically redirect http to https in tomcat Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
In the httpd.conf under the virtual host listening to port 80 have the line RedirectPermanent / https://my.domain.com if you want it to do for specific content you may have to play with the above statement or redirect rules. The above would be for all http requests. -MN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tue, February 11, 2003 4:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
Actually I want to force the https access of my context 1. I included ssl.conf in httpd.conf. 2. In ssl.conf, I enabled SSL and VirtualHost _default_:* ServerName my.domain.com:443 .. /VirtualHost 3. In my server.xml, the only connector loaded is a secure one. Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 .. redirectPort=8443 scheme=https secure=true ../ I assume any http request will be automatically redirected as https to 8443. However, if I type http://my.domain.com/mycontext, apache gave me a bad Request page. Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://my.domain.com/ Am I totally wrong? Any thought besides RedirectPermanent and the above no-user-friendly remind? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: Mohamed Nasser [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 4:23 PM To: Tomcat Users List Subject: RE: automatically redirect http to https in tomcat In the httpd.conf under the virtual host listening to port 80 have the line RedirectPermanent / https://my.domain.com if you want it to do for specific content you may have to play with the above statement or redirect rules. The above would be for all http requests. -MN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tue, February 11, 2003 4:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing
RE: automatically redirect http to https in tomcat
Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing
RE: automatically redirect http to https in tomcat
Ok then, In the struts config you would present the view with not just a relative path but a full path with https://etc Best, Stephen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 2:22 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat Importance: Low Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing
Re: automatically redirect http to https in tomcat
[EMAIL PROTECTED]: Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. What I've done in Struts, is to subclass ActionServlet, replace the doGet() and doPost() methods, and in the replaced methods test if HttpServletRequest.isSecure() is true or false, and if false, redirect to an HTTPS URL. This worked with Tomcat 3.2 and the Jk connector to apache, but didn't work with Tomcat 4.1.12 and the Coyote connector (I had to use the Jk connector), but it now works with tomcat 4.1.18 and the Coyote connector (which seems to be able to handle a lot more traffic than the okd Jk connector). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
I got this working by using separate jkmounts for two different virtual hosts. One for http, the other for https. Then I have a redirect to move to specific page. Please see my complete description of my setup at http://daydream.stanford.edu/tomcat/install_web_services.html Oscar On Tue, 11 Feb 2003 [EMAIL PROTECTED] wrote: Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
One more thing. Make sure NOT to use an include for the mod_jk.conf file. Then it becomes global and screws you up. At least that's what I figured was happening. Oscar On Tue, 11 Feb 2003, Oscar Carrillo wrote: I got this working by using separate jkmounts for two different virtual hosts. One for http, the other for https. Then I have a redirect to move to specific page. Please see my complete description of my setup at http://daydream.stanford.edu/tomcat/install_web_services.html Oscar On Tue, 11 Feb 2003 [EMAIL PROTECTED] wrote: Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: automatically redirect http to https in tomcat
This is part of the servlet spec. Use a transport guarantee. You won't have to do any extra coding. security-constraint web-resource-collection web-resource-nameTomcat/web-resource-name url-pattern/*/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Jake At 05:22 PM 2/11/2003 -0500, you wrote: Yes, I use struts. It used to automatically redirect http request to https with https setup in ssl.conf. After I upgraded to b3, 4.1.18, 2.0.44, http is http and https is https. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: February 11, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: RE: automatically redirect http to https in tomcat PQ, Are you using struts? if so I may be able to help you. Best, Stephen Schaubach -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: automatically redirect http to https in tomcat Importance: Low Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext http://my.domain.com/mycontext , I would be automatically redirected to https://my.domain.com/mycontext? Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing