http vs https

[John Baker <jb...@teamenergy.com>]

Hello.

I'm working with some MS guys at the moment. Obviously this is quite 
difficult as it's like trying to talk to a brick at times ('IIS is very 
friendly', they said :-). however they'd like me to run tomcat on port 443 
without the SSL engine. They want to use their own SSL accelarator however 
this doesn't quite work with tomcat. I think tomcat is right but this is 
what's happening:

Rser connects to a url via https. Tomcat creates a redirect but makes it like 
this:

http://host:443/whatever.jsp

It must detect that as it isn't doing the SSL, and the SSL accelarator has 
decoded the SSL stream from the user, the connection is insecure and it 
therefore uses HTTP and not HTTPS.

Is there anyway to override this behaviour?

Thanks


John Baker

-- 
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.

Re: http vs https

[John Baker <jb...@teamenergy.com>]

On Monday 20 August 2001 03:15 am, you wrote:
> > You must be joking. We're charging them :) It's just the twisted way they
> > like to deploy things.
>
> "their own SSL accelerator" sounded like they had their own... my bad =)
>
> > but of course that needs to be:
> >
> > https://whatever....
> >
> > if the accelarator is in use.
>
> Wouldn't *any* web server behind this accelerator have a similar problem?
> Where it wouldn't know that it's being SSL'd and thus return HTTP as the
> scheme?  Sounds to me like something the authors of this accelerator should
> know about... actually deploying it =)

They are using IIS. That just about sums up the collective IQ.

I'm still keen to know how to get the servlet context path for a web 
application.. ie how to get /examples of the examples application. :)

-- 
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.

RE: http vs https

["Rob S." <rs...@home.com>]

> You must be joking. We're charging them :) It's just the twisted way they
> like to deploy things.

"their own SSL accelerator" sounded like they had their own... my bad =)

> but of course that needs to be:
>
> https://whatever....
>
> if the accelarator is in use.

Wouldn't *any* web server behind this accelerator have a similar problem?
Where it wouldn't know that it's being SSL'd and thus return HTTP as the
scheme?  Sounds to me like something the authors of this accelerator should
know about... actually deploying it =)

- r

Re: http vs https

[John Baker <jb...@teamenergy.com>]

On Saturday 18 August 2001 17:17 pm, you wrote:
> > without the SSL engine. They want to use their own SSL
> > accelarator however
>
> <freeware geek>No doubt one they're going to charge your company for!</fg>
>
You must be joking. We're charging them :) It's just the twisted way they 
like to deploy things.

> > It must detect that as it isn't doing the SSL, and the SSL
> > accelarator has
> > decoded the SSL stream from the user, the connection is insecure and it
> > therefore uses HTTP and not HTTPS.
>
> I would agree.  Tomcat has no knowledge that SSL is in use and returns the
> appropriate URL.
>
> > Is there anyway to override this behaviour?
>
> Hmm...  generate all URLs by hand with a custom tag?
>
> <myTags:encodeURL>/someDir/somePage.jsp</>
>
> ...and I don't think you'd be able to use a RequestDispatcher to forward
> requests either.  Maybe one of the TC devs can reply if interceptors or
> valves or something could help.
>
> I'm not too experienced with all of this, but I figured I'd try and help
> out nonetheless ;)
>
ta :) Well I can't really recode the urls. I have no problems using my own 
urls, infact I have an object which reads a .rc file that tells the web 
engine where it's deployed, so it can create links like:

<%= WebDefaults.ROOT_PATH + "myImages/moo.gif" %>

WebDefaults.ROOT_PATH is the path from / that this jsp is deployed. But I 
started using this in my novice days. I'm sure there is a method to get that 
for me ? :)

The actualy problem is the initial redirect when the client says to the 
server:

GET / HTTP/1.0

and the server returns a redirect to:

http://whatever/index.jsp

but of course that needs to be:

https://whatever....

if the accelarator is in use.


John

> - r

-- 
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.

RE: http vs https

["Rob S." <rs...@home.com>]

> without the SSL engine. They want to use their own SSL
> accelarator however

<freeware geek>No doubt one they're going to charge your company for!</fg>

> It must detect that as it isn't doing the SSL, and the SSL
> accelarator has
> decoded the SSL stream from the user, the connection is insecure and it
> therefore uses HTTP and not HTTPS.

I would agree.  Tomcat has no knowledge that SSL is in use and returns the
appropriate URL.

> Is there anyway to override this behaviour?

Hmm...  generate all URLs by hand with a custom tag?

<myTags:encodeURL>/someDir/somePage.jsp</>

...and I don't think you'd be able to use a RequestDispatcher to forward
requests either.  Maybe one of the TC devs can reply if interceptors or
valves or something could help.

I'm not too experienced with all of this, but I figured I'd try and help out
nonetheless ;)

- r