You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Murray <mp...@optusnet.com.au> on 2003/08/09 08:30:05 UTC
Automatic switch from http to https doesn't work for IE, does for Netscape
Tomcat 4.0.6
Windows 2000
IE 5, SP3
Netscape 7.02
I have a website which is part public, part secure. There are html entries
such as "< a href=members/index.jsp >" in the public area which will
jump to the secure area. The site is entered, by default using
http://localhost:8080 but the members area is protected via SSL and
transport guarantee stanzas
<security-constraint>
<web-resource-collection>
<web-resource-name>ScoutGroup-Secure</web-resource-name>
<url-pattern>/members/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I understand that this should force any
http://localhost:8080/scoutgroup/members request to switch to
https://localhost:8443/scoutgroup/members. Under Netscape it does and I am
notified that I am going to a secure page, prompted to accept the SSL
certificate then driven through my logon.jsp to
response.encodeURL("j_security_check"). Under IE, however, I am notified
that I am going to a secure page, prompted to accept the SSL certificate
then told the page cannot be found.
For testing purposes, I tried putting
http://localhost:8080/scoutgroup/members in the browser's address box.
The access log contains the following (with my annotations prefixed with
////)
//// Using IE
127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "�� a� ]� ?4?
Yq8*+??R?I?T:?<?"??+?@?�AX?? /?4? HTTP/0.9" 501 988
//// Using Netscape
127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 302 654
127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
HTTP/1.1" 200 576
127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
/scoutgroup/j_security_check HTTP/1.1" 302 654
127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
/scoutgroup/members/index.jsp HTTP/1.1" 200 427
Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
attempted to navigate to the security check but then IE generated something
very peculiar and appeared to try to renegotiate the protocol to http/0.9
before giving up.
I've checked the logs - can't find anything more informative than above.
I've tried running Tomcat via the "catalina run" command line option but
there is no extra info there either.
I know I can modify my code to always force the full path into hyperlinks
but that's not good programming and has enormous potential for maintenance
problems.
Where do I look now?
Murray
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Automatic switch from http to https doesn't work for IE, does for Netscape
Posted by Bill Barker <wb...@wilshire.com>.
This is a known problem with MSIE. See
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 for more details.
"Murray" <mp...@optusnet.com.au> wrote in message
news:LMBBJNLPJFAIDFGFBMPDMEDBDPAA.mpnix@optusnet.com.au...
> Tomcat 4.0.6
> Windows 2000
> IE 5, SP3
> Netscape 7.02
>
>
> I have a website which is part public, part secure. There are html
entries
> such as "< a href=members/index.jsp >" in the public area which will
> jump to the secure area. The site is entered, by default using
> http://localhost:8080 but the members area is protected via SSL and
> transport guarantee stanzas
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>ScoutGroup-Secure</web-resource-name>
> <url-pattern>/members/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>member</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> I understand that this should force any
> http://localhost:8080/scoutgroup/members request to switch to
> https://localhost:8443/scoutgroup/members. Under Netscape it does and I
am
> notified that I am going to a secure page, prompted to accept the SSL
> certificate then driven through my logon.jsp to
> response.encodeURL("j_security_check"). Under IE, however, I am notified
> that I am going to a secure page, prompted to accept the SSL certificate
> then told the page cannot be found.
>
> For testing purposes, I tried putting
> http://localhost:8080/scoutgroup/members in the browser's address box.
>
> The access log contains the following (with my annotations prefixed with
> ////)
> //// Using IE
> 127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "�� a� ]� ?4?
> Yq8*+??R?I?T:?<?"??+?@?�AX?? /?4? HTTP/0.9" 501 988
>
> //// Using Netscape
> 127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
> HTTP/1.1" 200 576
> 127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
> /scoutgroup/j_security_check HTTP/1.1" 302 654
> 127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 200 427
>
>
>
> Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
> attempted to navigate to the security check but then IE generated
something
> very peculiar and appeared to try to renegotiate the protocol to http/0.9
> before giving up.
>
>
> I've checked the logs - can't find anything more informative than above.
>
> I've tried running Tomcat via the "catalina run" command line option but
> there is no extra info there either.
>
> I know I can modify my code to always force the full path into hyperlinks
> but that's not good programming and has enormous potential for maintenance
> problems.
>
> Where do I look now?
>
>
> Murray
Re: Automatic switch from http to https doesn't work for IE, does for Netscape
Posted by Bill Barker <wb...@wilshire.com>.
This is a known problem with MSIE. See
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 for more details.
"Murray" <mp...@optusnet.com.au> wrote in message
news:LMBBJNLPJFAIDFGFBMPDMEDBDPAA.mpnix@optusnet.com.au...
> Tomcat 4.0.6
> Windows 2000
> IE 5, SP3
> Netscape 7.02
>
>
> I have a website which is part public, part secure. There are html
entries
> such as "< a href=members/index.jsp >" in the public area which will
> jump to the secure area. The site is entered, by default using
> http://localhost:8080 but the members area is protected via SSL and
> transport guarantee stanzas
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>ScoutGroup-Secure</web-resource-name>
> <url-pattern>/members/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>member</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> I understand that this should force any
> http://localhost:8080/scoutgroup/members request to switch to
> https://localhost:8443/scoutgroup/members. Under Netscape it does and I
am
> notified that I am going to a secure page, prompted to accept the SSL
> certificate then driven through my logon.jsp to
> response.encodeURL("j_security_check"). Under IE, however, I am notified
> that I am going to a secure page, prompted to accept the SSL certificate
> then told the page cannot be found.
>
> For testing purposes, I tried putting
> http://localhost:8080/scoutgroup/members in the browser's address box.
>
> The access log contains the following (with my annotations prefixed with
> ////)
> //// Using IE
> 127.0.0.1 - - [09/Aug/2003:15:09:28 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:09:30 10000] "�� a� ]� ?4?
> Yq8*+??R?I?T:?<?"??+?@?�AX?? /?4? HTTP/0.9" 501 988
>
> //// Using Netscape
> 127.0.0.1 - - [09/Aug/2003:15:59:48 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 302 654
> 127.0.0.1 - - [09/Aug/2003:15:59:50 10000] "GET /scoutgroup/logon.jsp
> HTTP/1.1" 200 576
> 127.0.0.1 - - [09/Aug/2003:16:01:07 10000] "POST
> /scoutgroup/j_security_check HTTP/1.1" 302 654
> 127.0.0.1 - nichm001 [09/Aug/2003:16:01:07 10000] "GET
> /scoutgroup/members/index.jsp HTTP/1.1" 200 427
>
>
>
> Both browsers caused the same response (SC_MOVED_TEMPORARILY/302) as they
> attempted to navigate to the security check but then IE generated
something
> very peculiar and appeared to try to renegotiate the protocol to http/0.9
> before giving up.
>
>
> I've checked the logs - can't find anything more informative than above.
>
> I've tried running Tomcat via the "catalina run" command line option but
> there is no extra info there either.
>
> I know I can modify my code to always force the full path into hyperlinks
> but that's not good programming and has enormous potential for maintenance
> problems.
>
> Where do I look now?
>
>
> Murray
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org