You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Baker <jb...@teamenergy.com> on 2001/08/18 18:03:53 UTC
http vs https
Hello.
I'm working with some MS guys at the moment. Obviously this is quite
difficult as it's like trying to talk to a brick at times ('IIS is very
friendly', they said :-). however they'd like me to run tomcat on port 443
without the SSL engine. They want to use their own SSL accelarator however
this doesn't quite work with tomcat. I think tomcat is right but this is
what's happening:
Rser connects to a url via https. Tomcat creates a redirect but makes it like
this:
http://host:443/whatever.jsp
It must detect that as it isn't doing the SSL, and the SSL accelarator has
decoded the SSL stream from the user, the connection is insecure and it
therefore uses HTTP and not HTTPS.
Is there anyway to override this behaviour?
Thanks
John Baker
--
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.
Re: http vs https
Posted by John Baker <jb...@teamenergy.com>.
On Monday 20 August 2001 03:15 am, you wrote:
> > You must be joking. We're charging them :) It's just the twisted way they
> > like to deploy things.
>
> "their own SSL accelerator" sounded like they had their own... my bad =)
>
> > but of course that needs to be:
> >
> > https://whatever....
> >
> > if the accelarator is in use.
>
> Wouldn't *any* web server behind this accelerator have a similar problem?
> Where it wouldn't know that it's being SSL'd and thus return HTTP as the
> scheme? Sounds to me like something the authors of this accelerator should
> know about... actually deploying it =)
They are using IIS. That just about sums up the collective IQ.
I'm still keen to know how to get the servlet context path for a web
application.. ie how to get /examples of the examples application. :)
--
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.
RE: http vs https
Posted by "Rob S." <rs...@home.com>.
> You must be joking. We're charging them :) It's just the twisted way they
> like to deploy things.
"their own SSL accelerator" sounded like they had their own... my bad =)
> but of course that needs to be:
>
> https://whatever....
>
> if the accelarator is in use.
Wouldn't *any* web server behind this accelerator have a similar problem?
Where it wouldn't know that it's being SSL'd and thus return HTTP as the
scheme? Sounds to me like something the authors of this accelerator should
know about... actually deploying it =)
- r
Re: http vs https
Posted by John Baker <jb...@teamenergy.com>.
On Saturday 18 August 2001 17:17 pm, you wrote:
> > without the SSL engine. They want to use their own SSL
> > accelarator however
>
> <freeware geek>No doubt one they're going to charge your company for!</fg>
>
You must be joking. We're charging them :) It's just the twisted way they
like to deploy things.
> > It must detect that as it isn't doing the SSL, and the SSL
> > accelarator has
> > decoded the SSL stream from the user, the connection is insecure and it
> > therefore uses HTTP and not HTTPS.
>
> I would agree. Tomcat has no knowledge that SSL is in use and returns the
> appropriate URL.
>
> > Is there anyway to override this behaviour?
>
> Hmm... generate all URLs by hand with a custom tag?
>
> <myTags:encodeURL>/someDir/somePage.jsp</>
>
> ...and I don't think you'd be able to use a RequestDispatcher to forward
> requests either. Maybe one of the TC devs can reply if interceptors or
> valves or something could help.
>
> I'm not too experienced with all of this, but I figured I'd try and help
> out nonetheless ;)
>
ta :) Well I can't really recode the urls. I have no problems using my own
urls, infact I have an object which reads a .rc file that tells the web
engine where it's deployed, so it can create links like:
<%= WebDefaults.ROOT_PATH + "myImages/moo.gif" %>
WebDefaults.ROOT_PATH is the path from / that this jsp is deployed. But I
started using this in my novice days. I'm sure there is a method to get that
for me ? :)
The actualy problem is the initial redirect when the client says to the
server:
GET / HTTP/1.0
and the server returns a redirect to:
http://whatever/index.jsp
but of course that needs to be:
https://whatever....
if the accelarator is in use.
John
> - r
--
John Baker, BSc CS.
Java Developer, TEAM Slb. (http://www.teamenergy.com)
The views expressed in this mail are my own.
RE: http vs https
Posted by "Rob S." <rs...@home.com>.
> without the SSL engine. They want to use their own SSL
> accelarator however
<freeware geek>No doubt one they're going to charge your company for!</fg>
> It must detect that as it isn't doing the SSL, and the SSL
> accelarator has
> decoded the SSL stream from the user, the connection is insecure and it
> therefore uses HTTP and not HTTPS.
I would agree. Tomcat has no knowledge that SSL is in use and returns the
appropriate URL.
> Is there anyway to override this behaviour?
Hmm... generate all URLs by hand with a custom tag?
<myTags:encodeURL>/someDir/somePage.jsp</>
...and I don't think you'd be able to use a RequestDispatcher to forward
requests either. Maybe one of the TC devs can reply if interceptors or
valves or something could help.
I'm not too experienced with all of this, but I figured I'd try and help out
nonetheless ;)
- r