Thank you Mike, I got it solved thanks to the link you gave me. I also found this in some forum which helped me a lot in understanding Acegi configuration. Here it is by copy/paste:

chubi wrote:
>
> ---------------------------------------------------------------------------
> Here is a rundown of what I did to make SSL work.
>
> In the security.xml
> 1) Add a new filter to the filterChainProxy called channelProcessingFilter.
> It may already be there but regardless of what the documentation around the
> internet says it needs to go second, I found, i.e.
>
> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
>     <property name="filterInvocationDefinitionSource">
>         <value>
>             CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>             PATTERN_TYPE_APACHE_ANT
>             /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,channelProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>         </value>
>         <!-- Put channelProcessingFilter before securityContextHolderAwareRequestFilter to turn on SSL switching -->
>         <!-- It's off by default b/c Canoo WebTest doesn't support SSL out-of-the-box -->
>     </property>
> </bean>
>
> That will make it so that when the request is being filtered it will
> pass through the channelProcessingFilter to check if a secure channel is
> required or not.
>
> Next, add (or modify) your channelProcessingFilter as follows:
>
> <!-- SSL Switching: to use this, configure it in the filterChainProxy bean -->
> <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
>     <property name="channelDecisionManager" ref="channelDecisionManager"/>
>     <property name="filterInvocationDefinitionSource">
>         <value>
>             PATTERN_TYPE_APACHE_ANT
>             /login.html=REQUIRES_INSECURE_CHANNEL
>             /**=REQUIRES_SECURE_CHANNEL
>         </value>
>     </property>
> </bean>
>
> <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
>     <property name="channelProcessors">
>         <list>
>             <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
>             <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
>         </list>
>     </property>
> </bean>
>
> The pattern described above by the property filterInvocationDefinitionSource
> tells the system that in my case I want all requests to go via a secure
> channel except the login.html page.
>
> You are done for the java/spring bits.
>
> Go to in my case Tomcat and edit the conf/server.xml file in the following
> sections
>
> <!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation -->
> <Connector
>     port="80" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" redirectPort="443" acceptCount="100"
>     debug="0" connectionTimeout="20000"
>     disableUploadTimeout="true" />
> <!-- Note : To disable connection timeouts, set connectionTimeout value to 0 -->
>
> <!-- Note : To use gzip compression you could set the following properties :
>
>     compression="on"
>     compressionMinSize="2048"
>     noCompressionUserAgents="gozilla, traviata"
>     compressableMimeType="text/html,text/xml"
> -->
>
> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
>
> <Connector port="443"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" debug="0" scheme="https" secure="true"
>     clientAuth="false" sslProtocol="TLS" />
>
> The changes from the norm are enabling the SSL connector and changing the
> used ports to 80 (i.e. normal) and 443 (i.e. SSL) from those given by default
> when you use Tomcat. After all tomcat is used to getting its calls from
> Apache or JBoss.
>
> I think that is it.
>
> A word of warning to all those thinking of just using a Tomcat server and
> ignoring Apache. Tomcat uses a less secure cut of the code from the apache
> server so it can only be made to support SSLv2. You can upgrade it though,
> go to the following link,
>
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html
>
> You will then be able to configure your server to run the more secure Apache
> Portable Runtime.
>
> Finding that kept me happy for a couple of days :(
>
> I hope that helps. I suspect next I should be a good community person and
> detail how to get authentication and authorisation going using LDAP and WSDL
> within the acegi framework. Maybe next week!!
>
> Nigel
> ---------------------------------------------------------------------------

--
View this message in context: http://www.nabble.com/Appfuse-2-SSL-switching-tp14878223s2369p14917873.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
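
Added example, not part of either post and not Acegi code: a small Python model of how the ordered channel rules quoted above resolve for a request, useful for checking a rule set before deploying it. The Ant matcher is simplified, the host `example.test` and all function names are assumptions, and the 80 to 443 port map mirrors the Tomcat connectors in the post.

```python
import re

# Constructed input: the channelProcessingFilter rules quoted in the post.
RULES = """
PATTERN_TYPE_APACHE_ANT
/login.html=REQUIRES_INSECURE_CHANNEL
/**=REQUIRES_SECURE_CHANNEL
"""
WANTED = {"REQUIRES_SECURE_CHANNEL": "https", "REQUIRES_INSECURE_CHANNEL": "http"}

def ant_to_regex(pattern):
    """Simplified Ant matcher: ** crosses '/', while * and ? stay inside one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] in "*?":
            out.append("[^/]*" if pattern[i] == "*" else "[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Return (lowercase_flag, [(regex, attribute), ...]) in declaration order."""
    lower, rules = False, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lower = True
        elif line and line != "PATTERN_TYPE_APACHE_ANT":
            pattern, attribute = line.split("=", 1)
            rules.append((ant_to_regex(pattern), attribute))
    return lower, rules

def build_url(scheme, host, port, path):
    default = {"http": 80, "https": 443}[scheme]
    return "%s://%s%s%s" % (scheme, host, "" if port == default else ":%d" % port, path)

def decide(text, scheme, host, port, path, port_map):
    """Model one request: 'pass', or the URL the channel filter would redirect to."""
    lower, rules = parse_rules(text)
    candidate = path.lower() if lower else path
    for regex, attribute in rules:          # the first matching rule wins
        if regex.match(candidate):
            wanted = WANTED.get(attribute)
            break
    else:
        return "pass"                       # no rule matched: channel unconstrained
    if wanted is None or wanted == scheme:
        return "pass"
    # port_map is http -> https; invert it when switching back to http.
    ports = port_map if wanted == "https" else {v: k for k, v in port_map.items()}
    return build_url(wanted, host, ports[port], path)
```

Running `decide` with the two rules swapped shows why the specific `/login.html` line has to come before `/**`: with `/**` first, the login rule is never reached.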
