apache /mod_ssl/tomcat/struts
I'm new to to ssl on three tier, esp. with struts involved does struts or apache need to be configured? I would assume mod_ssl would take into account that a certain document location is secure but since it is not static content coming back from Tomcat, I am uncertain how this would work. any clarification would be appreciated. Best, Stephen Schaubach
RE: apache /mod_ssl/tomcat/struts
the easiest way is: Apache(with mod_ssl) -- mod_jk -- Tomcat with Struts have apache handle all the http/https requests and simple forward them to Tomcat. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:46 PM To: [EMAIL PROTECTED] Subject: apache /mod_ssl/tomcat/struts I'm new to to ssl on three tier, esp. with struts involved does struts or apache need to be configured? I would assume mod_ssl would take into account that a certain document location is secure but since it is not static content coming back from Tomcat, I am uncertain how this would work. any clarification would be appreciated. Best, Stephen Schaubach - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: apache /mod_ssl/tomcat/struts
Thanks, I hope you don't mind me writing you directly. so, changing apache httpd.conf to use a location/ of the secure files is what I am having trouble with. If the document is a webpage.do (struts) file and is expected in /dir1/securearea/ , will the mod_jk2 take care of this?? everything just happens or is there some mod_jk2 config I should do? I am using mod_jk2, fyi thanks again Best, Stephen Schaubach -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:54 PM To: Tomcat Users List Subject: RE: apache /mod_ssl/tomcat/struts Importance: Low the easiest way is: Apache(with mod_ssl) -- mod_jk -- Tomcat with Struts have apache handle all the http/https requests and simple forward them to Tomcat. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:46 PM To: [EMAIL PROTECTED] Subject: apache /mod_ssl/tomcat/struts I'm new to to ssl on three tier, esp. with struts involved does struts or apache need to be configured? I would assume mod_ssl would take into account that a certain document location is secure but since it is not static content coming back from Tomcat, I am uncertain how this would work. any clarification would be appreciated. Best, Stephen Schaubach - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: apache /mod_ssl/tomcat/struts
yes, it will work perfectly without any problems. not sure why you need to change the location tag. instead what you will need to do is to setup your jk.properties and mod_jk.conf to forward requests to Tomcat, and the request URL will work fine with struts. we are using struts in our environment, and it looks just like that. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 5:08 PM To: [EMAIL PROTECTED] Subject: RE: apache /mod_ssl/tomcat/struts Thanks, I hope you don't mind me writing you directly. so, changing apache httpd.conf to use a location/ of the secure files is what I am having trouble with. If the document is a webpage.do (struts) file and is expected in /dir1/securearea/ , will the mod_jk2 take care of this?? everything just happens or is there some mod_jk2 config I should do? I am using mod_jk2, fyi thanks again Best, Stephen Schaubach -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:54 PM To: Tomcat Users List Subject: RE: apache /mod_ssl/tomcat/struts Importance: Low the easiest way is: Apache(with mod_ssl) -- mod_jk -- Tomcat with Struts have apache handle all the http/https requests and simple forward them to Tomcat. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:46 PM To: [EMAIL PROTECTED] Subject: apache /mod_ssl/tomcat/struts I'm new to to ssl on three tier, esp. with struts involved does struts or apache need to be configured? I would assume mod_ssl would take into account that a certain document location is secure but since it is not static content coming back from Tomcat, I am uncertain how this would work. any clarification would be appreciated. Best, Stephen Schaubach - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: apache /mod_ssl/tomcat/struts
Hello, Filip. Can secure connections be enforced declaratively when using apache/mod_ssl/mod_jk/tomcat? If so, where (and how) can it be done? httpd.conf? server.xml? web.xml? Or does detecting an insecure connection have to be done within the web application? As in... if(!request.isSecure()) response.sendRedirect... -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 18:12 To: Tomcat Users List Subject: RE: apache /mod_ssl/tomcat/struts yes, it will work perfectly without any problems. not sure why you need to change the location tag. instead what you will need to do is to setup your jk.properties and mod_jk.conf to forward requests to Tomcat, and the request URL will work fine with struts. we are using struts in our environment, and it looks just like that. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 5:08 PM To: [EMAIL PROTECTED] Subject: RE: apache /mod_ssl/tomcat/struts Thanks, I hope you don't mind me writing you directly. so, changing apache httpd.conf to use a location/ of the secure files is what I am having trouble with. If the document is a webpage.do (struts) file and is expected in /dir1/securearea/ , will the mod_jk2 take care of this?? everything just happens or is there some mod_jk2 config I should do? I am using mod_jk2, fyi thanks again Best, Stephen Schaubach -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:54 PM To: Tomcat Users List Subject: RE: apache /mod_ssl/tomcat/struts Importance: Low the easiest way is: Apache(with mod_ssl) -- mod_jk -- Tomcat with Struts have apache handle all the http/https requests and simple forward them to Tomcat. Filip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 4:46 PM To: [EMAIL PROTECTED] Subject: apache /mod_ssl/tomcat/struts I'm new to to ssl on three tier, esp. with struts involved does struts or apache need to be configured? I would assume mod_ssl would take into account that a certain document location is secure but since it is not static content coming back from Tomcat, I am uncertain how this would work. any clarification would be appreciated. Best, Stephen Schaubach - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
Hi, -Original Message- From: Cressatti, Dominique [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 7:38 PM To: Tomcat Users List Subject: apache + mod_SSL + tomcat Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? If you leave Tomcat listening on 8080 then yes it can be. So, you just have to modify your server.xml and disable HttpConnector. Dom Anton -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: apache + mod_SSL + tomcat
I never saw an answer go by to the below question and was curious what it would be. Does no one now the answer Dean Cressatti, Dominique wrote: Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
my guess is yes, if you do not check in jsp/servlets are on https (request.isSecure()) and if you are allowing users to port 8080 (block it). my guess... :) -Original Message- From: Dean Hiller [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 7:33 AM To: Tomcat Users List Subject: Re: apache + mod_SSL + tomcat I never saw an answer go by to the below question and was curious what it would be. Does no one now the answer Dean Cressatti, Dominique wrote: Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
Anton Brazhnyk answered it. I followed his advice. I basically commented out the HttpConnector running on port 8080 and that was it. From that point I can't an http connection on port 8080 but I can still access my app on port 80 (normal http) and port 443 (https). One point that was made by somebody else what about the connection between apache and tomcat? Either mod_jk on port 8009 (or 8007) or mod_webapp on port 8008. As far as I know those connectors are not ssl enabled. Dom -Original Message- From: Dean Hiller [mailto:[EMAIL PROTECTED]] Sent: 06 February 2002 13:33 To: Tomcat Users List Subject: Re: apache + mod_SSL + tomcat I never saw an answer go by to the below question and was curious what it would be. Does no one now the answer Dean Cressatti, Dominique wrote: Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: apache + mod_SSL + tomcat
I think there is a way to solve the problem without shutting down port 8080. Someone please verify this is true. If I use a servlet, my servlet can determine if the connection is from 8443 or 8080 and if it is from 8080 can deny the user access right away. Is this correct? I was kind of waiting on an answer like this. thanks, Dean -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
...my servlet can determine if the connection is from 8443 or 8080.. While not much clued up about java (but having seen a few examples) I would think its possible. Then again why would you like to do it at the servlet level? Why would you want to keep port 8080 opened when 80, 443 or 8443 are? Dom -Original Message- From: Dean Hiller [mailto:[EMAIL PROTECTED]] Sent: 06 February 2002 14:50 To: Tomcat Users List Subject: Re: apache + mod_SSL + tomcat I think there is a way to solve the problem without shutting down port 8080. Someone please verify this is true. If I use a servlet, my servlet can determine if the connection is from 8443 or 8080 and if it is from 8080 can deny the user access right away. Is this correct? I was kind of waiting on an answer like this. thanks, Dean -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
Hi, -Original Message- From: Cressatti, Dominique [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 4:00 PM To: Tomcat Users List Subject: RE: apache + mod_SSL + tomcat Anton Brazhnyk answered it. I followed his advice. I basically commented out the HttpConnector running on port 8080 and that was it. From that point I can't an http connection on port 8080 but I can still access my app on port 80 (normal http) and port 443 (https). So, do you want SSL-only for entire web application? append something like following to your web.xml security-constraint web-resource-collection web-resource-nameEntire application/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method /web-resource-collection user-data-constraint descriptionUser data constraint description/description transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint One point that was made by somebody else what about the connection between apache and tomcat? Either mod_jk on port 8009 (or 8007) or mod_webapp on port 8008. As far as I know those connectors are not ssl enabled. These tasks are for your firewall :) Dom Anton -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: apache + mod_SSL + tomcat
In my app, we don't need everything to run over SSL and we are not using apache so we only have ports 80 and 8443. I changed the default 8080 to 80 and should have probably changed 8443 to 443. When SSL is not necessary, we don't use it as it slows down the downloading of the pages. Dean -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: apache + mod_SSL + tomcat
thanks for the xml Anton that is much better than putting the code in the servlet, and is easy to expand to a per servlet/html page basis. thanks, Dean -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: apache + mod_SSL + tomcat
Dom, Do you think you could give some of us a few pointers on how you got mod_SSL and tomcat to work? That would be awesome. Thanks. Charlie -Original Message- From: Cressatti, Dominique [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 12:38 PM To: Tomcat Users List Subject: apache + mod_SSL + tomcat Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
apache + mod_SSL + tomcat
Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom
RE: apache + mod_SSL + tomcat
Well... like I said I deserve not credit on that subject it worked straight out the box. Am using RH 7.2, I made sure I installed openSSL and mod_SSL. I pointed my browser to https://localhost:443 and is worked (there was even a preconfigured certificat) Like I said I deserve no credits. Dom -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED]] Sent: 05 February 2002 17:44 To: Tomcat Users List Subject: RE: apache + mod_SSL + tomcat Dom, Do you think you could give some of us a few pointers on how you got mod_SSL and tomcat to work? That would be awesome. Thanks. Charlie -Original Message- From: Cressatti, Dominique [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 12:38 PM To: Tomcat Users List Subject: apache + mod_SSL + tomcat Hi, I've got apache + mod_SSL + tomcat working (I don't deserve that much credit as mod_ssl worked right out the box) but I wonder couldn't the security bypassed, like for example accessing the page on port 8080 instead of port 443 ? Dom -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: apache + mod_SSL + tomcat
I thought tomcat was on 8443 by default. Are you sure you are pointing at tomcat, or do you have another webserver running on port 443, since that is the default that most webservers use when starting up. tomcat is the exception running on 8443 thanks, Dean -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Apache + mod_ssl === Tomcat + JSSE
Hi, I have created a CA with openssl and I generate client and server certificates. I install this certificates in Apache (directories /ssl.cert and /ssl.key) and it works, but how can i do the same in tomcat (keytool) to use this certificates... My question is how can import certificate and key to the keystore in tomcat. Thaks a lot, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I
RE: Apache + mod_ssl === Tomcat + JSSE
try to import the certificates into your kaystore file with keytool -import -trustcacerts ++ -Original Message- From: Ricardo [mailto:[EMAIL PROTECTED]] Sent: 5. september 2001 12:02 To: [EMAIL PROTECTED] Subject: Apache + mod_ssl === Tomcat + JSSE Hi, I have created a CA with openssl and I generate client and server certificates. I install this certificates in Apache (directories /ssl.cert and /ssl.key) and it works, but how can i do the same in tomcat (keytool) to use this certificates... My question is how can import certificate and key to the keystore in tomcat. Thaks a lot, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I
Re: Apache + mod_ssl === Tomcat + JSSE
I can import the certificate... but what about the key ?? When your configure tomcat to work with SSL you have to execute --- keytool -genkey -alias tomcat ... I would like to import my key (or something ???) with this alias. Thanks a lot, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I - Original Message - From: Eirik Yksnøy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 05, 2001 12:23 PM Subject: RE: Apache + mod_ssl === Tomcat + JSSE try to import the certificates into your kaystore file with keytool -import -trustcacerts ++ -Original Message- From: Ricardo [mailto:[EMAIL PROTECTED]] Sent: 5. september 2001 12:02 To: [EMAIL PROTECTED] Subject: Apache + mod_ssl === Tomcat + JSSE Hi, I have created a CA with openssl and I generate client and server certificates. I install this certificates in Apache (directories /ssl.cert and /ssl.key) and it works, but how can i do the same in tomcat (keytool) to use this certificates... My question is how can import certificate and key to the keystore in tomcat. Thaks a lot, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I
User Authentication Apache+mod_ssl+Tomcat 3.2.3
Hello all, I am using the above config and have a JDBC realm set-up using FORM based login. What I want to know is: 1. Is it possible to get the login page to use SSL (https or 443 port) and once the user is validated continue on the standard (http 80 port)? 2. If so, is there any documentation with regards to this? Thanks Asar - Visit our Internet site at http://www.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.