Automatic switch from http to https doesn't work for IE, does for Netscape

Thu, 14 Aug 2003 12:31:22 -0700 

Tomcat 4.0.6
Windows 2000
IE 5, SP3
Netscape 7.02


I have a website which is part public, part secure.  There are html entries
such as "&lt a href=members/index.jsp &gt" in the public area which will
jump to the secure area.  The site is entered, by default using
http://localhost:8080 but the members area is protected via SSL and
transport guarantee stanzas
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>ScoutGroup-Secure</web-resource-name>
   <url-pattern>/members/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>
  </auth-constraint>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

I understand that this should force any
http://localhost:8080/scoutgroup/members request to switch to
https://localhost:8443/scoutgroup/members.  Under Netscape it does and I am
notified that I am going to a secure page, prompted to accept the SSL
certificate then driven through my logon.jsp to
response.encodeURL("j_security_check").  Under IE, however, I am notified
that I am going to a secure page, prompted to accept the SSL certificate
then told the page cannot be found.

For testing purposes, I tried putting
http://localhost:8080/scoutgroup/members in the browser's address box.

The access log contains the following (with my annotations prefixed with
////)
//// Using IE
127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "  a  ] ?4?
Yq8*+??R?I?T:?<?"[EMAIL PROTECTED] /?4? HTTP/0.9" 501 988

//// Using Netscape
127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
HTTP/1.1" 200 576
127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
/scoutgroup/j_security_check HTTP/1.1" 302 654
127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 200 427



Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
attempted to navigate to the security check but then IE generated something
very peculiar and appeared to try to renegotiate the protocol to http/0.9
before giving up.


I've checked the logs - can't find anything more informative than above.

I've tried running Tomcat via the "catalina run" command line option but
there is no extra info there either.

I know I can modify my code to always force the full path into hyperlinks
but that's not good programming and has enormous potential for maintenance
problems.

Where do I look now?


Murray



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to