Julie Moore wrote:
I have been looking al over for an explanation to what I am seeing. If I
hit my site with https I get my secure page displayed if I hit it with
http it is set up to redirect to https.
How is it set up? I believe this can only be done with
a client-side redirect, but you do not show us the page
which does this.
(If someone visits your site using HTTP you cannot
respond using HTTPS: you have to persuade them to redo
the request using HTTPS)
The problem is the redirect is
trying to use the internal IP address in the URL
(https://10.0.0.4/login.jsp) not the URL with the "www." defined.
OK but I can't see that it is Tomcat which is responsible
for this: the config details you supply look plausible but
are irrelevant.
Check your web.xml for the site's welcome page, then check
the content of this page.
Paul Singleton
We had this set up in tomcat 4 and the external users who where
redirected were able to get the secure page from "http://www."; but now
this does not work.
I have looked at all the Tomcat 5 SSL sites that have come up on a
number of searches but I do not see this problem addressed.
Julie
-----Original Message-----
From: Julie Moore [mailto:[EMAIL PROTECTED]
Sent: Monday, August 29, 2005 1:50 PM
To: [email protected]
Subject: With tomcat 5 redirects to a secure port the connection fails
I have updated a site from tomcat 4 to tomcat 5 and my link that used to
redirect to a secure site now fails. I see the webpage tying to connect
with my internal IP address instead of the external URL that the request
came in one. If I connect to https://www.x.com and hit the link to the
secure page my page displays correctly. But if I hit it from
http://www.x.com <http://www.x.com/> the secure page does not display.
The page that displays has not changed. It has a relative link to the
webapp that I want to have as secure.
I have the server.xml connectors defined:
<Connector port="80" minThreads="150" maxSpareThreads="75"
minSpareThreads="25"
enableLookups="true" redirectPort="443"
acceptCount="100" debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\tomcat\conf\keystore.ks" />
and the following in the web.xml of my application I wish to have
available only as secure:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
What have I missed?
Jmoore
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.17/85 - Release Date: 30/Aug/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
