You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by christianhau <ch...@gmail.com> on 2007/07/06 09:26:24 UTC
How to remove port number from https adress and redirect http to
https
Hi!
I have set up a tomcat server with ssl that works fine as long as I go to
the adress https://adress:8443 I want to get rid of the port number, is
there any easy way to do this so that tomcat understands the https request
that comes in?
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
keystoreFile="/root/.keystore"
truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts" />
This is my ssl connector in my server.xml. I tried getting a redirct from
http to https going but couldn't do that in tomcat alone, any tips on that
aswell? I have done this:
<Connector port="8080" protocol="HTTP/1.1"
redirectPort="8443" />
With no luck... Thanks for any help!!
--
View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http
to https
Posted by christianhau <ch...@gmail.com>.
Thanks!!
That got rid of one of my problems.. Any clue on how to do a redirect from
http to https? Changed the portnumber from 8080 to 80 and the redirect to
443 but nothing happens..
Rene Guenther-2 wrote:
>
> Hi Christian,
>
> you have to replace all 8080 with 80 and all 8443 with
> 443. 80 is standard port for http and 443 is standard port
> for https. So if the URL is https://adress, the client
> requests the service via port 443.
> Tomcat uses different ports to avoid port conflicts with
> other application servers running on the same machine at
> the same time.
>
>
> René
>
> On Fri, 6 Jul 2007 00:26:24 -0700 (PDT)
> christianhau <ch...@gmail.com> wrote:
>>
>> Hi!
>>
>> I have set up a tomcat server with ssl that works fine
>>as long as I go to
>> the adress https://adress:8443 I want to get rid of the
>>port number, is
>> there any easy way to do this so that tomcat understands
>>the https request
>> that comes in?
>>
>> <Connector port="8443" protocol="HTTP/1.1"
>>SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" keystorePass="changeit"
>>sslProtocol="TLS"
>> keystoreFile="/root/.keystore"
>> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
>>/>
>>
>> This is my ssl connector in my server.xml. I tried
>>getting a redirct from
>> http to https going but couldn't do that in tomcat
>>alone, any tips on that
>> aswell? I have done this:
>>
>> <Connector port="8080" protocol="HTTP/1.1"
>>
>> redirectPort="8443" />
>>
>> With no luck... Thanks for any help!!
>> --
>> View this message in context:
>>http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>> Sent from the Tomcat - User mailing list archive at
>>Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail:
>>users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail:
>>users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11460012
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect
http to https
Posted by Rene Guenther <in...@innflow.com>.
Hi Christian,
you have to replace all 8080 with 80 and all 8443 with
443. 80 is standard port for http and 443 is standard port
for https. So if the URL is https://adress, the client
requests the service via port 443.
Tomcat uses different ports to avoid port conflicts with
other application servers running on the same machine at
the same time.
René
On Fri, 6 Jul 2007 00:26:24 -0700 (PDT)
christianhau <ch...@gmail.com> wrote:
>
> Hi!
>
> I have set up a tomcat server with ssl that works fine
>as long as I go to
> the adress https://adress:8443 I want to get rid of the
>port number, is
> there any easy way to do this so that tomcat understands
>the https request
> that comes in?
>
> <Connector port="8443" protocol="HTTP/1.1"
>SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" keystorePass="changeit"
>sslProtocol="TLS"
> keystoreFile="/root/.keystore"
> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
>/>
>
> This is my ssl connector in my server.xml. I tried
>getting a redirct from
> http to https going but couldn't do that in tomcat
>alone, any tips on that
> aswell? I have done this:
>
> <Connector port="8080" protocol="HTTP/1.1"
>
> redirectPort="8443" />
>
> With no luck... Thanks for any help!!
> --
> View this message in context:
>http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> Sent from the Tomcat - User mailing list archive at
>Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail:
>users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail:
>users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http to https
Posted by Lyallex <ly...@gmail.com>.
I forgot to mention
http://java.sun.com/j2ee/dtds/web-app_2_2.dtd
will tell you wherabouts to put the filter mapping in web.xml
Rgds
Duncan
On 7/9/07, Lyallex <ly...@gmail.com> wrote:
> Hello
>
> You 'put' them somewhere in you package hierarchy, so for example if
> you have the package structure com.barking.mad with servlets in
> com.barking.mad.servlets then you could put them in
> com.barking.mad.servlets.filters or wherever and package them up in
> your jar or war or whatever it is you are doing when you deploy your
> application.
>
> The filter mapping goes in web.xml
>
> Rgds
> Duncan
>
> On 7/9/07, christianhau <ch...@gmail.com> wrote:
> >
> > Thanks man :)
> >
> > About the filters, where do you implement them? I see they are in Java but
> > still don't know where to put them :) And where do you put the filter
> > mapping?
> >
> > Thanks!
> >
> >
> >
> > Lyallex wrote:
> > >
> > > Hi
> > >
> > > Ah, yes, well I'm not really an 'expert' myself but I have been through
> > > this
> > > recently.
> > >
> > > The first thing I would say is that the following looks different to my
> > > own
> > > config
> > >
> > > <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> > >
> > > here is one of my constraints
> > >
> > > <security-constraint>
> > > <display-name>Standard user constraint used for checkout and account
> > > modification</display-name>
> > > <web-resource-collection>
> > > <web-resource-name>my super new site</web-resource-name>
> > > <url-pattern>/user/LoginPreCheck</url-pattern>
> > > <url-pattern>/user/loggedin/*</url-pattern>
> > > </web-resource-collection>
> > > <auth-constraint>
> > > <role-name>wpcustomer</role-name>
> > > </auth-constraint>
> > > <user-data-constraint>
> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > > </user-data-constraint>
> > > </security-constraint>
> > >
> > > the url-pattern should be a relative path from the root of your
> > > application
> > > or some mapped path to a resource (experts correct me if I am wrong
> > > please).
> > > If you want everything protected then just use * (or /* I think actually).
> > >
> > > Now when a user tries this URL
> > > http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat
> > > automatically
> > > ''redirects' to https.
> > >
> > > As for the filter, well I'm a bit new to them as well. At the moment I
> > > have
> > > decided that as long as a user is logged in then I'd like the session to
> > > be
> > > secure. When they hit the logout button then I don't need secure I just
> > > need
> > > straight http.
> > >
> > > Here is my filter
> > >
> > > public class HttpsRedirectFilter implements Filter{
> > >
> > > ...
> > >
> > > public void doFilter(ServletRequest request, ServletResponse response,
> > > FilterChain chain) throws IOException, ServletException {
> > > if((request instanceof HttpServletRequest) && (response instanceof
> > > HttpServletResponse)){
> > > String redirectTarget =
> > > ((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https",
> > > "http");
> > > if(request.isSecure()){
> > >
> > > ((HttpServletResponse)response).sendRedirect(redirectTarget);
> > > }
> > > else{
> > > chain.doFilter(request, response);
> > > }
> > > }
> > > }
> > >
> > > ...
> > >
> > > Very basic and primitive I'm sure but it does the job
> > >
> > > The filter is mapped to the /logout url thus
> > >
> > > <filter>
> > > <filter-name>redirectFilter</filter-name>
> > > <filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
> > > </filter>
> > > <filter-mapping>
> > > <filter-name>redirectFilter</filter-name>
> > > <url-pattern>/logout</url-pattern>
> > > </filter-mapping>
> > >
> > > Anytime anyone logs out this filter fires and redirects to 'standard'
> > > http.
> > >
> > > Now of course the filter could be a lot more sophisticated but it proved
> > > the
> > > concept to me, now all I need is that little bit of 'majik'
> > >
> > > Hope all this helps.
> > >
> > > All criticism welcome
> > >
> > > Cheers
> > > Duncan
> > >
> > >
> > > On 7/6/07, christianhau <ch...@gmail.com> wrote:
> > >>
> > >>
> > >> Thanks man!
> > >>
> > >> I have tried a similar approach with the web.xml but no luck. This is
> > >> what
> > >> I
> > >> wrote in web.xml
> > >> <security-constraint>
> > >> <web-resource-collection>
> > >> <web-resource-name>Entire
> > >> Application</web-resource-name>
> > >>
> > >> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> > >> </web-resource-collection>
> > >> <user-data-constraint>
> > >>
> > >> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >> </user-data-constraint>
> > >> </security-constraint>
> > >>
> > >> Now I am not 100% sure if the pattern is correct, how would I check that?
> > >> And another thing, you mentioned a suitable servlet filter? How would you
> > >> go
> > >> about making a servlet filter for this purpose and where would you put
> > >> it?
> > >> As you can tell from my question I have little experience with servlet
> > >> filters..
> > >>
> > >> Thanks again :)
> > >>
> > >>
> > >>
> > >>
> > >> Lyallex wrote:
> > >> >
> > >> > Hi
> > >> >
> > >> > This is my first contribution to this list and I expect others will
> > >> have
> > >> > better ways of doing it but ...
> > >> >
> > >> > The way I managed to get his working is to set the ssl connector port
> > >> to
> > >> > the
> > >> > default ssl port (443)
> > >> > and my non-ssl connector port to the default http port (80)
> > >> > Obviously there are issues starting Tomcat on these ports on *NIX
> > >> systems
> > >> > but judging by the following
> > >> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear
> > >> to
> > >> > have access to root.
> > >> >
> > >> > That should do it
> > >> >
> > >> > Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and
> > >> my
> > >> > app is the root web app
> > >> >
> > >> > so now, combined with the following in web.xml
> > >> >
> > >> > <security-constraint>
> > >> > ...
> > >> > <user-data-constraint>
> > >> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >> > </user-data-constraint>
> > >> > ...
> > >> > </security-constraint>
> > >> >
> > >> > and a suitable servlet filter I can switch between http and https
> > >> almost
> > >> > at
> > >> > will with no messing about with ports just by asking for
> > >> > http://www.mywebapp.co.uk
> > >> >
> > >> > Hope this helps
> > >> >
> > >> > Cheers
> > >> > Duncan
> > >> >
> > >> >
> > >> > On 7/6/07, christianhau <ch...@gmail.com> wrote:
> > >> >>
> > >> >>
> > >> >> Hi!
> > >> >>
> > >> >> I have set up a tomcat server with ssl that works fine as long as I go
> > >> to
> > >> >> the adress https://adress:8443 I want to get rid of the port number,
> > >> is
> > >> >> there any easy way to do this so that tomcat understands the https
> > >> >> request
> > >> >> that comes in?
> > >> >>
> > >> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> > >> >> maxThreads="150" scheme="https" secure="true"
> > >> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
> > >> >> keystoreFile="/root/.keystore"
> > >> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
> > >> />
> > >> >>
> > >> >> This is my ssl connector in my server.xml. I tried getting a redirct
> > >> from
> > >> >> http to https going but couldn't do that in tomcat alone, any tips on
> > >> >> that
> > >> >> aswell? I have done this:
> > >> >>
> > >> >> <Connector port="8080" protocol="HTTP/1.1"
> > >> >>
> > >> >> redirectPort="8443" />
> > >> >>
> > >> >> With no luck... Thanks for any help!!
> > >> >> --
> > >> >> View this message in context:
> > >> >>
> > >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> > >> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> > >> >>
> > >> >>
> > >> >> ---------------------------------------------------------------------
> > >> >> To start a new topic, e-mail: users@tomcat.apache.org
> > >> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > >> >> For additional commands, e-mail: users-help@tomcat.apache.org
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >>
> > >> --
> > >> View this message in context:
> > >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
> > >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To start a new topic, e-mail: users@tomcat.apache.org
> > >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > >> For additional commands, e-mail: users-help@tomcat.apache.org
> > >>
> > >>
> > >
> > >
> >
> > --
> > View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11496915
> > Sent from the Tomcat - User mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http to https
Posted by Lyallex <ly...@gmail.com>.
Hello
You 'put' them somewhere in you package hierarchy, so for example if
you have the package structure com.barking.mad with servlets in
com.barking.mad.servlets then you could put them in
com.barking.mad.servlets.filters or wherever and package them up in
your jar or war or whatever it is you are doing when you deploy your
application.
The filter mapping goes in web.xml
Rgds
Duncan
On 7/9/07, christianhau <ch...@gmail.com> wrote:
>
> Thanks man :)
>
> About the filters, where do you implement them? I see they are in Java but
> still don't know where to put them :) And where do you put the filter
> mapping?
>
> Thanks!
>
>
>
> Lyallex wrote:
> >
> > Hi
> >
> > Ah, yes, well I'm not really an 'expert' myself but I have been through
> > this
> > recently.
> >
> > The first thing I would say is that the following looks different to my
> > own
> > config
> >
> > <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> >
> > here is one of my constraints
> >
> > <security-constraint>
> > <display-name>Standard user constraint used for checkout and account
> > modification</display-name>
> > <web-resource-collection>
> > <web-resource-name>my super new site</web-resource-name>
> > <url-pattern>/user/LoginPreCheck</url-pattern>
> > <url-pattern>/user/loggedin/*</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>wpcustomer</role-name>
> > </auth-constraint>
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > the url-pattern should be a relative path from the root of your
> > application
> > or some mapped path to a resource (experts correct me if I am wrong
> > please).
> > If you want everything protected then just use * (or /* I think actually).
> >
> > Now when a user tries this URL
> > http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat
> > automatically
> > ''redirects' to https.
> >
> > As for the filter, well I'm a bit new to them as well. At the moment I
> > have
> > decided that as long as a user is logged in then I'd like the session to
> > be
> > secure. When they hit the logout button then I don't need secure I just
> > need
> > straight http.
> >
> > Here is my filter
> >
> > public class HttpsRedirectFilter implements Filter{
> >
> > ...
> >
> > public void doFilter(ServletRequest request, ServletResponse response,
> > FilterChain chain) throws IOException, ServletException {
> > if((request instanceof HttpServletRequest) && (response instanceof
> > HttpServletResponse)){
> > String redirectTarget =
> > ((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https",
> > "http");
> > if(request.isSecure()){
> >
> > ((HttpServletResponse)response).sendRedirect(redirectTarget);
> > }
> > else{
> > chain.doFilter(request, response);
> > }
> > }
> > }
> >
> > ...
> >
> > Very basic and primitive I'm sure but it does the job
> >
> > The filter is mapped to the /logout url thus
> >
> > <filter>
> > <filter-name>redirectFilter</filter-name>
> > <filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
> > </filter>
> > <filter-mapping>
> > <filter-name>redirectFilter</filter-name>
> > <url-pattern>/logout</url-pattern>
> > </filter-mapping>
> >
> > Anytime anyone logs out this filter fires and redirects to 'standard'
> > http.
> >
> > Now of course the filter could be a lot more sophisticated but it proved
> > the
> > concept to me, now all I need is that little bit of 'majik'
> >
> > Hope all this helps.
> >
> > All criticism welcome
> >
> > Cheers
> > Duncan
> >
> >
> > On 7/6/07, christianhau <ch...@gmail.com> wrote:
> >>
> >>
> >> Thanks man!
> >>
> >> I have tried a similar approach with the web.xml but no luck. This is
> >> what
> >> I
> >> wrote in web.xml
> >> <security-constraint>
> >> <web-resource-collection>
> >> <web-resource-name>Entire
> >> Application</web-resource-name>
> >>
> >> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> >> </web-resource-collection>
> >> <user-data-constraint>
> >>
> >> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >> </user-data-constraint>
> >> </security-constraint>
> >>
> >> Now I am not 100% sure if the pattern is correct, how would I check that?
> >> And another thing, you mentioned a suitable servlet filter? How would you
> >> go
> >> about making a servlet filter for this purpose and where would you put
> >> it?
> >> As you can tell from my question I have little experience with servlet
> >> filters..
> >>
> >> Thanks again :)
> >>
> >>
> >>
> >>
> >> Lyallex wrote:
> >> >
> >> > Hi
> >> >
> >> > This is my first contribution to this list and I expect others will
> >> have
> >> > better ways of doing it but ...
> >> >
> >> > The way I managed to get his working is to set the ssl connector port
> >> to
> >> > the
> >> > default ssl port (443)
> >> > and my non-ssl connector port to the default http port (80)
> >> > Obviously there are issues starting Tomcat on these ports on *NIX
> >> systems
> >> > but judging by the following
> >> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear
> >> to
> >> > have access to root.
> >> >
> >> > That should do it
> >> >
> >> > Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and
> >> my
> >> > app is the root web app
> >> >
> >> > so now, combined with the following in web.xml
> >> >
> >> > <security-constraint>
> >> > ...
> >> > <user-data-constraint>
> >> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >> > </user-data-constraint>
> >> > ...
> >> > </security-constraint>
> >> >
> >> > and a suitable servlet filter I can switch between http and https
> >> almost
> >> > at
> >> > will with no messing about with ports just by asking for
> >> > http://www.mywebapp.co.uk
> >> >
> >> > Hope this helps
> >> >
> >> > Cheers
> >> > Duncan
> >> >
> >> >
> >> > On 7/6/07, christianhau <ch...@gmail.com> wrote:
> >> >>
> >> >>
> >> >> Hi!
> >> >>
> >> >> I have set up a tomcat server with ssl that works fine as long as I go
> >> to
> >> >> the adress https://adress:8443 I want to get rid of the port number,
> >> is
> >> >> there any easy way to do this so that tomcat understands the https
> >> >> request
> >> >> that comes in?
> >> >>
> >> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >> >> maxThreads="150" scheme="https" secure="true"
> >> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
> >> >> keystoreFile="/root/.keystore"
> >> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
> >> />
> >> >>
> >> >> This is my ssl connector in my server.xml. I tried getting a redirct
> >> from
> >> >> http to https going but couldn't do that in tomcat alone, any tips on
> >> >> that
> >> >> aswell? I have done this:
> >> >>
> >> >> <Connector port="8080" protocol="HTTP/1.1"
> >> >>
> >> >> redirectPort="8443" />
> >> >>
> >> >> With no luck... Thanks for any help!!
> >> >> --
> >> >> View this message in context:
> >> >>
> >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> >> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
>
> --
> View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11496915
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http
to https
Posted by christianhau <ch...@gmail.com>.
Thanks man :)
About the filters, where do you implement them? I see they are in Java but
still don't know where to put them :) And where do you put the filter
mapping?
Thanks!
Lyallex wrote:
>
> Hi
>
> Ah, yes, well I'm not really an 'expert' myself but I have been through
> this
> recently.
>
> The first thing I would say is that the following looks different to my
> own
> config
>
> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
>
> here is one of my constraints
>
> <security-constraint>
> <display-name>Standard user constraint used for checkout and account
> modification</display-name>
> <web-resource-collection>
> <web-resource-name>my super new site</web-resource-name>
> <url-pattern>/user/LoginPreCheck</url-pattern>
> <url-pattern>/user/loggedin/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>wpcustomer</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> the url-pattern should be a relative path from the root of your
> application
> or some mapped path to a resource (experts correct me if I am wrong
> please).
> If you want everything protected then just use * (or /* I think actually).
>
> Now when a user tries this URL
> http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat
> automatically
> ''redirects' to https.
>
> As for the filter, well I'm a bit new to them as well. At the moment I
> have
> decided that as long as a user is logged in then I'd like the session to
> be
> secure. When they hit the logout button then I don't need secure I just
> need
> straight http.
>
> Here is my filter
>
> public class HttpsRedirectFilter implements Filter{
>
> ...
>
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain chain) throws IOException, ServletException {
> if((request instanceof HttpServletRequest) && (response instanceof
> HttpServletResponse)){
> String redirectTarget =
> ((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https",
> "http");
> if(request.isSecure()){
>
> ((HttpServletResponse)response).sendRedirect(redirectTarget);
> }
> else{
> chain.doFilter(request, response);
> }
> }
> }
>
> ...
>
> Very basic and primitive I'm sure but it does the job
>
> The filter is mapped to the /logout url thus
>
> <filter>
> <filter-name>redirectFilter</filter-name>
> <filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>redirectFilter</filter-name>
> <url-pattern>/logout</url-pattern>
> </filter-mapping>
>
> Anytime anyone logs out this filter fires and redirects to 'standard'
> http.
>
> Now of course the filter could be a lot more sophisticated but it proved
> the
> concept to me, now all I need is that little bit of 'majik'
>
> Hope all this helps.
>
> All criticism welcome
>
> Cheers
> Duncan
>
>
> On 7/6/07, christianhau <ch...@gmail.com> wrote:
>>
>>
>> Thanks man!
>>
>> I have tried a similar approach with the web.xml but no luck. This is
>> what
>> I
>> wrote in web.xml
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>Entire
>> Application</web-resource-name>
>>
>> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
>> </web-resource-collection>
>> <user-data-constraint>
>>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> Now I am not 100% sure if the pattern is correct, how would I check that?
>> And another thing, you mentioned a suitable servlet filter? How would you
>> go
>> about making a servlet filter for this purpose and where would you put
>> it?
>> As you can tell from my question I have little experience with servlet
>> filters..
>>
>> Thanks again :)
>>
>>
>>
>>
>> Lyallex wrote:
>> >
>> > Hi
>> >
>> > This is my first contribution to this list and I expect others will
>> have
>> > better ways of doing it but ...
>> >
>> > The way I managed to get his working is to set the ssl connector port
>> to
>> > the
>> > default ssl port (443)
>> > and my non-ssl connector port to the default http port (80)
>> > Obviously there are issues starting Tomcat on these ports on *NIX
>> systems
>> > but judging by the following
>> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear
>> to
>> > have access to root.
>> >
>> > That should do it
>> >
>> > Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and
>> my
>> > app is the root web app
>> >
>> > so now, combined with the following in web.xml
>> >
>> > <security-constraint>
>> > ...
>> > <user-data-constraint>
>> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> > </user-data-constraint>
>> > ...
>> > </security-constraint>
>> >
>> > and a suitable servlet filter I can switch between http and https
>> almost
>> > at
>> > will with no messing about with ports just by asking for
>> > http://www.mywebapp.co.uk
>> >
>> > Hope this helps
>> >
>> > Cheers
>> > Duncan
>> >
>> >
>> > On 7/6/07, christianhau <ch...@gmail.com> wrote:
>> >>
>> >>
>> >> Hi!
>> >>
>> >> I have set up a tomcat server with ssl that works fine as long as I go
>> to
>> >> the adress https://adress:8443 I want to get rid of the port number,
>> is
>> >> there any easy way to do this so that tomcat understands the https
>> >> request
>> >> that comes in?
>> >>
>> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> >> maxThreads="150" scheme="https" secure="true"
>> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
>> >> keystoreFile="/root/.keystore"
>> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
>> />
>> >>
>> >> This is my ssl connector in my server.xml. I tried getting a redirct
>> from
>> >> http to https going but couldn't do that in tomcat alone, any tips on
>> >> that
>> >> aswell? I have done this:
>> >>
>> >> <Connector port="8080" protocol="HTTP/1.1"
>> >>
>> >> redirectPort="8443" />
>> >>
>> >> With no luck... Thanks for any help!!
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To start a new topic, e-mail: users@tomcat.apache.org
>> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >> For additional commands, e-mail: users-help@tomcat.apache.org
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
--
View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11496915
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http to https
Posted by Lyallex <ly...@gmail.com>.
Hi
Ah, yes, well I'm not really an 'expert' myself but I have been through this
recently.
The first thing I would say is that the following looks different to my own
config
<url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
here is one of my constraints
<security-constraint>
<display-name>Standard user constraint used for checkout and account
modification</display-name>
<web-resource-collection>
<web-resource-name>my super new site</web-resource-name>
<url-pattern>/user/LoginPreCheck</url-pattern>
<url-pattern>/user/loggedin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>wpcustomer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
the url-pattern should be a relative path from the root of your application
or some mapped path to a resource (experts correct me if I am wrong please).
If you want everything protected then just use * (or /* I think actually).
Now when a user tries this URL
http://www.mywebapp.co.uk/user/loggedin/editAccount.jsp Tomcat automatically
''redirects' to https.
As for the filter, well I'm a bit new to them as well. At the moment I have
decided that as long as a user is logged in then I'd like the session to be
secure. When they hit the logout button then I don't need secure I just need
straight http.
Here is my filter
public class HttpsRedirectFilter implements Filter{
...
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if((request instanceof HttpServletRequest) && (response instanceof
HttpServletResponse)){
String redirectTarget =
((HttpServletRequest)request).getRequestURL().toString().replaceFirst("https",
"http");
if(request.isSecure()){
((HttpServletResponse)response).sendRedirect(redirectTarget);
}
else{
chain.doFilter(request, response);
}
}
}
...
Very basic and primitive I'm sure but it does the job
The filter is mapped to the /logout url thus
<filter>
<filter-name>redirectFilter</filter-name>
<filter-class>com.foo.bar.baz.HttpsRedirectFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>redirectFilter</filter-name>
<url-pattern>/logout</url-pattern>
</filter-mapping>
Anytime anyone logs out this filter fires and redirects to 'standard' http.
Now of course the filter could be a lot more sophisticated but it proved the
concept to me, now all I need is that little bit of 'majik'
Hope all this helps.
All criticism welcome
Cheers
Duncan
On 7/6/07, christianhau <ch...@gmail.com> wrote:
>
>
> Thanks man!
>
> I have tried a similar approach with the web.xml but no luck. This is what
> I
> wrote in web.xml
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Entire
> Application</web-resource-name>
>
> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> Now I am not 100% sure if the pattern is correct, how would I check that?
> And another thing, you mentioned a suitable servlet filter? How would you
> go
> about making a servlet filter for this purpose and where would you put it?
> As you can tell from my question I have little experience with servlet
> filters..
>
> Thanks again :)
>
>
>
>
> Lyallex wrote:
> >
> > Hi
> >
> > This is my first contribution to this list and I expect others will have
> > better ways of doing it but ...
> >
> > The way I managed to get his working is to set the ssl connector port to
> > the
> > default ssl port (443)
> > and my non-ssl connector port to the default http port (80)
> > Obviously there are issues starting Tomcat on these ports on *NIX
> systems
> > but judging by the following
> > entry in your ssl connector (keystoreFile="/root/.keystore") you appear
> to
> > have access to root.
> >
> > That should do it
> >
> > Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and
> my
> > app is the root web app
> >
> > so now, combined with the following in web.xml
> >
> > <security-constraint>
> > ...
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > ...
> > </security-constraint>
> >
> > and a suitable servlet filter I can switch between http and https almost
> > at
> > will with no messing about with ports just by asking for
> > http://www.mywebapp.co.uk
> >
> > Hope this helps
> >
> > Cheers
> > Duncan
> >
> >
> > On 7/6/07, christianhau <ch...@gmail.com> wrote:
> >>
> >>
> >> Hi!
> >>
> >> I have set up a tomcat server with ssl that works fine as long as I go
> to
> >> the adress https://adress:8443 I want to get rid of the port number, is
> >> there any easy way to do this so that tomcat understands the https
> >> request
> >> that comes in?
> >>
> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >> maxThreads="150" scheme="https" secure="true"
> >> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
> >> keystoreFile="/root/.keystore"
> >> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
> />
> >>
> >> This is my ssl connector in my server.xml. I tried getting a redirct
> from
> >> http to https going but couldn't do that in tomcat alone, any tips on
> >> that
> >> aswell? I have done this:
> >>
> >> <Connector port="8080" protocol="HTTP/1.1"
> >>
> >> redirectPort="8443" />
> >>
> >> With no luck... Thanks for any help!!
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: How to remove port number from https adress and redirect http
to https
Posted by christianhau <ch...@gmail.com>.
Thanks :)
Now for some questions.. Didn't you have to configure any filters for this?
I tried using the * but no luck.
Rene Guenther-2 wrote:
>
> Not sure wether this could help:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>all-except-attachments</web-resource-name>
> <url-pattern>*.js</url-pattern>
> <url-pattern>*.jsp</url-pattern>
> <url-pattern>*.jspa</url-pattern>
> <url-pattern>*.css</url-pattern>
> <url-pattern>/browse/*</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> I needed those to configure JIRA to do everything via SSL
> ->
> http://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS
>
> So maybe you miss the *?
>
> René
>
>
> On Fri, 6 Jul 2007 03:40:50 -0700 (PDT)
> christianhau <ch...@gmail.com> wrote:
>>
>> Thanks man!
>>
>> I have tried a similar approach with the web.xml but no
>>luck. This is what I
>> wrote in web.xml
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>Entire
>> Application</web-resource-name>
>>
>> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
>> </web-resource-collection>
>> <user-data-constraint>
>>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> Now I am not 100% sure if the pattern is correct, how
>>would I check that?
>> And another thing, you mentioned a suitable servlet
>>filter? How would you go
>> about making a servlet filter for this purpose and where
>>would you put it?
>> As you can tell from my question I have little
>>experience with servlet
>> filters..
>>
>> Thanks again :)
>>
>>
>>
>>
>> Lyallex wrote:
>>>
>>> Hi
>>>
>>> This is my first contribution to this list and I expect
>>>others will have
>>> better ways of doing it but ...
>>>
>>> The way I managed to get his working is to set the ssl
>>>connector port to
>>> the
>>> default ssl port (443)
>>> and my non-ssl connector port to the default http port
>>>(80)
>>> Obviously there are issues starting Tomcat on these
>>>ports on *NIX systems
>>> but judging by the following
>>> entry in your ssl connector
>>>(keystoreFile="/root/.keystore") you appear to
>>> have access to root.
>>>
>>> That should do it
>>>
>>> Also in my etc/hosts file I have set 127.0.0.1
>>> www.mywebapp.co.uk and my
>>> app is the root web app
>>>
>>> so now, combined with the following in web.xml
>>>
>>> <security-constraint>
>>> ...
>>> <user-data-constraint>
>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>> </user-data-constraint>
>>> ...
>>> </security-constraint>
>>>
>>> and a suitable servlet filter I can switch between http
>>>and https almost
>>> at
>>> will with no messing about with ports just by asking for
>>> http://www.mywebapp.co.uk
>>>
>>> Hope this helps
>>>
>>> Cheers
>>> Duncan
>>>
>>>
>>> On 7/6/07, christianhau <ch...@gmail.com> wrote:
>>>>
>>>>
>>>> Hi!
>>>>
>>>> I have set up a tomcat server with ssl that works fine
>>>>as long as I go to
>>>> the adress https://adress:8443 I want to get rid of the
>>>>port number, is
>>>> there any easy way to do this so that tomcat understands
>>>>the https
>>>> request
>>>> that comes in?
>>>>
>>>> <Connector port="8443" protocol="HTTP/1.1"
>>>>SSLEnabled="true"
>>>> maxThreads="150" scheme="https" secure="true"
>>>> clientAuth="false" keystorePass="changeit"
>>>>sslProtocol="TLS"
>>>> keystoreFile="/root/.keystore"
>>>> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
>>>>/>
>>>>
>>>> This is my ssl connector in my server.xml. I tried
>>>>getting a redirct from
>>>> http to https going but couldn't do that in tomcat
>>>>alone, any tips on
>>>> that
>>>> aswell? I have done this:
>>>>
>>>> <Connector port="8080" protocol="HTTP/1.1"
>>>>
>>>> redirectPort="8443" />
>>>>
>>>> With no luck... Thanks for any help!!
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>>>> Sent from the Tomcat - User mailing list archive at
>>>>Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To start a new topic, e-mail: users@tomcat.apache.org
>>>> To unsubscribe, e-mail:
>>>>users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail:
>>>>users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>>
>>
>> --
>> View this message in context:
>>http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
>> Sent from the Tomcat - User mailing list archive at
>>Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail:
>>users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail:
>>users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11496905
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect
http to https
Posted by Rene Guenther <in...@innflow.com>.
Not sure wether this could help:
<security-constraint>
<web-resource-collection>
<web-resource-name>all-except-attachments</web-resource-name>
<url-pattern>*.js</url-pattern>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspa</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>/browse/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I needed those to configure JIRA to do everything via SSL
->
http://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS
So maybe you miss the *?
René
On Fri, 6 Jul 2007 03:40:50 -0700 (PDT)
christianhau <ch...@gmail.com> wrote:
>
> Thanks man!
>
> I have tried a similar approach with the web.xml but no
>luck. This is what I
> wrote in web.xml
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Entire
> Application</web-resource-name>
>
> <url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> Now I am not 100% sure if the pattern is correct, how
>would I check that?
> And another thing, you mentioned a suitable servlet
>filter? How would you go
> about making a servlet filter for this purpose and where
>would you put it?
> As you can tell from my question I have little
>experience with servlet
> filters..
>
> Thanks again :)
>
>
>
>
> Lyallex wrote:
>>
>> Hi
>>
>> This is my first contribution to this list and I expect
>>others will have
>> better ways of doing it but ...
>>
>> The way I managed to get his working is to set the ssl
>>connector port to
>> the
>> default ssl port (443)
>> and my non-ssl connector port to the default http port
>>(80)
>> Obviously there are issues starting Tomcat on these
>>ports on *NIX systems
>> but judging by the following
>> entry in your ssl connector
>>(keystoreFile="/root/.keystore") you appear to
>> have access to root.
>>
>> That should do it
>>
>> Also in my etc/hosts file I have set 127.0.0.1
>> www.mywebapp.co.uk and my
>> app is the root web app
>>
>> so now, combined with the following in web.xml
>>
>> <security-constraint>
>> ...
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> ...
>> </security-constraint>
>>
>> and a suitable servlet filter I can switch between http
>>and https almost
>> at
>> will with no messing about with ports just by asking for
>> http://www.mywebapp.co.uk
>>
>> Hope this helps
>>
>> Cheers
>> Duncan
>>
>>
>> On 7/6/07, christianhau <ch...@gmail.com> wrote:
>>>
>>>
>>> Hi!
>>>
>>> I have set up a tomcat server with ssl that works fine
>>>as long as I go to
>>> the adress https://adress:8443 I want to get rid of the
>>>port number, is
>>> there any easy way to do this so that tomcat understands
>>>the https
>>> request
>>> that comes in?
>>>
>>> <Connector port="8443" protocol="HTTP/1.1"
>>>SSLEnabled="true"
>>> maxThreads="150" scheme="https" secure="true"
>>> clientAuth="false" keystorePass="changeit"
>>>sslProtocol="TLS"
>>> keystoreFile="/root/.keystore"
>>> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts"
>>>/>
>>>
>>> This is my ssl connector in my server.xml. I tried
>>>getting a redirct from
>>> http to https going but couldn't do that in tomcat
>>>alone, any tips on
>>> that
>>> aswell? I have done this:
>>>
>>> <Connector port="8080" protocol="HTTP/1.1"
>>>
>>> redirectPort="8443" />
>>>
>>> With no luck... Thanks for any help!!
>>> --
>>> View this message in context:
>>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>>> Sent from the Tomcat - User mailing list archive at
>>>Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail:
>>>users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail:
>>>users-help@tomcat.apache.org
>>>
>>>
>>
>>
>
> --
> View this message in context:
>http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
> Sent from the Tomcat - User mailing list archive at
>Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail:
>users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail:
>users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http
to https
Posted by christianhau <ch...@gmail.com>.
Thanks man!
I have tried a similar approach with the web.xml but no luck. This is what I
wrote in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire
Application</web-resource-name>
<url-pattern>/cas/WEB-INF/view/jsp/simple/ui</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Now I am not 100% sure if the pattern is correct, how would I check that?
And another thing, you mentioned a suitable servlet filter? How would you go
about making a servlet filter for this purpose and where would you put it?
As you can tell from my question I have little experience with servlet
filters..
Thanks again :)
Lyallex wrote:
>
> Hi
>
> This is my first contribution to this list and I expect others will have
> better ways of doing it but ...
>
> The way I managed to get his working is to set the ssl connector port to
> the
> default ssl port (443)
> and my non-ssl connector port to the default http port (80)
> Obviously there are issues starting Tomcat on these ports on *NIX systems
> but judging by the following
> entry in your ssl connector (keystoreFile="/root/.keystore") you appear to
> have access to root.
>
> That should do it
>
> Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and my
> app is the root web app
>
> so now, combined with the following in web.xml
>
> <security-constraint>
> ...
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> ...
> </security-constraint>
>
> and a suitable servlet filter I can switch between http and https almost
> at
> will with no messing about with ports just by asking for
> http://www.mywebapp.co.uk
>
> Hope this helps
>
> Cheers
> Duncan
>
>
> On 7/6/07, christianhau <ch...@gmail.com> wrote:
>>
>>
>> Hi!
>>
>> I have set up a tomcat server with ssl that works fine as long as I go to
>> the adress https://adress:8443 I want to get rid of the port number, is
>> there any easy way to do this so that tomcat understands the https
>> request
>> that comes in?
>>
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
>> keystoreFile="/root/.keystore"
>> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts" />
>>
>> This is my ssl connector in my server.xml. I tried getting a redirct from
>> http to https going but couldn't do that in tomcat alone, any tips on
>> that
>> aswell? I have done this:
>>
>> <Connector port="8080" protocol="HTTP/1.1"
>>
>> redirectPort="8443" />
>>
>> With no luck... Thanks for any help!!
>> --
>> View this message in context:
>> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
--
View this message in context: http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11462081
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to remove port number from https adress and redirect http to https
Posted by Lyallex <ly...@gmail.com>.
Hi
This is my first contribution to this list and I expect others will have
better ways of doing it but ...
The way I managed to get his working is to set the ssl connector port to the
default ssl port (443)
and my non-ssl connector port to the default http port (80)
Obviously there are issues starting Tomcat on these ports on *NIX systems
but judging by the following
entry in your ssl connector (keystoreFile="/root/.keystore") you appear to
have access to root.
That should do it
Also in my etc/hosts file I have set 127.0.0.1 www.mywebapp.co.uk and my
app is the root web app
so now, combined with the following in web.xml
<security-constraint>
...
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
...
</security-constraint>
and a suitable servlet filter I can switch between http and https almost at
will with no messing about with ports just by asking for
http://www.mywebapp.co.uk
Hope this helps
Cheers
Duncan
On 7/6/07, christianhau <ch...@gmail.com> wrote:
>
>
> Hi!
>
> I have set up a tomcat server with ssl that works fine as long as I go to
> the adress https://adress:8443 I want to get rid of the port number, is
> there any easy way to do this so that tomcat understands the https request
> that comes in?
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" keystorePass="changeit" sslProtocol="TLS"
> keystoreFile="/root/.keystore"
> truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts" />
>
> This is my ssl connector in my server.xml. I tried getting a redirct from
> http to https going but couldn't do that in tomcat alone, any tips on that
> aswell? I have done this:
>
> <Connector port="8080" protocol="HTTP/1.1"
>
> redirectPort="8443" />
>
> With no luck... Thanks for any help!!
> --
> View this message in context:
> http://www.nabble.com/How-to-remove-port-number-from-https-adress-and-redirect-http-to-https-tf4034030.html#a11459871
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>