Posted to users@tomcat.apache.org by Gavin Yue <yu...@gmail.com> on 2011/04/06 23:08:10 UTC
tomcat and spring security secure channel setting
Hi,
I am using Grails Spring Security to secure the URLs. I specify in
Grails:
    grails.plugins.springsecurity.secureChannel.definition = [
        '/': 'REQUIRES_INSECURE_CHANNEL',
        '/**': 'REQUIRES_SECURE_CHANNEL',
    ]
to make the homepage use HTTP and all other URLs use HTTPS. This works fine
locally with ports 8080 and 8443.
On tomcat, I configure server.xml in this way:
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="8443"
               maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
               SSLCertificateKeyFile="${catalina.base}/conf/www.domain.com.key"
               SSLPassword="password"
               SSLCertificateFile="${catalina.base}/conf/www.domain.com.crt"
               SSLCertificateChainFile="${catalina.base}/conf/www.domain.com.ca-bundle"
               enableLookups="false" clientAuth="false" sslProtocol="TLS"
    />
To make the server reachable through ports 80 and 443, I add these iptables
rules:
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
The problem is that:
1. If I visit https://www.domain.com, it says there is an infinite redirect
loop.
2. If I visit http://www.domain.com:8080, it works perfectly.
3. If I visit http://www.domain.com, it only downloads the content and cannot
download the CSS and JS, since https://www.domain.com/css is not accessible,
as described in 1.
Could anyone help me with this problem? Thank you so much.
Best,
Gavin
Re: tomcat and spring security secure channel setting
Posted by Igor Cicimov <ic...@gmail.com>.
Remove the second iptables rule and see if it works. You have that redirect
in the connector already.
Sent from my phone