Re: Automatic switch from http to https doesn't work for IE, does for Netscape

Sat, 09 Aug 2003 18:00:33 -0700 

This is a known problem with MSIE.  See
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 for more details.

"Murray" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Tomcat 4.0.6
> Windows 2000
> IE 5, SP3
> Netscape 7.02
>
>
> I have a website which is part public, part secure.  There are html
entries
> such as "&lt a href=members/index.jsp &gt" in the public area which will
> jump to the secure area.  The site is entered, by default using
> http://localhost:8080 but the members area is protected via SSL and
> transport guarantee stanzas
>  <security-constraint>
>   <web-resource-collection>
>    <web-resource-name>ScoutGroup-Secure</web-resource-name>
>    <url-pattern>/members/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>member</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
>  </security-constraint>
>
> I understand that this should force any
> http://localhost:8080/scoutgroup/members request to switch to
> https://localhost:8443/scoutgroup/members.  Under Netscape it does and I
am
> notified that I am going to a secure page, prompted to accept the SSL
> certificate then driven through my logon.jsp to
> response.encodeURL("j_security_check").  Under IE, however, I am notified
> that I am going to a secure page, prompted to accept the SSL certificate
> then told the page cannot be found.
>
> For testing purposes, I tried putting
> http://localhost:8080/scoutgroup/members in the browser's address box.
>
> The access log contains the following (with my annotations prefixed with
> ////)
> //// Using IE
> 127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "  a  ] ?4?
> Yq8*+??R?I?T:?<?"[EMAIL PROTECTED] /?4? HTTP/0.9" 501 988
>
> //// Using Netscape
> 127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
> HTTP/1.1" 200 576
> 127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
> /scoutgroup/j_security_check HTTP/1.1" 302 654
> 127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 200 427
>
>
>
> Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
> attempted to navigate to the security check but then IE generated
something
> very peculiar and appeared to try to renegotiate the protocol to http/0.9
> before giving up.
>
>
> I've checked the logs - can't find anything more informative than above.
>
> I've tried running Tomcat via the "catalina run" command line option but
> there is no extra info there either.
>
> I know I can modify my code to always force the full path into hyperlinks
> but that's not good programming and has enormous potential for maintenance
> problems.
>
> Where do I look now?
>
>
> Murray




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to