You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by William Angus <wi...@virtualxpert.com.au> on 2009/08/06 04:33:32 UTC

Disabling use of https on OfBiz servers

Hi,

I am currently trying to disable the use of https on the webtools/admin 
side of ofbiz so that we can use access control to pass users to the 
appropriate location within our network.

Our system will consist of SSL terminated behind our router/firewall on 
the proxy server prior to the proxy forwarding to the ofbiz application 
servers. https will be used until the traffic hits the proxy where it is 
decrypted using stunnel or similar. Once decrypted we will use the 
http-based ACLs to pass the traffic to the appropriate login instance.

Problem is, I seem to be unable to force the use of http only within our 
test environment.

Currently the test environment we have been looking at this with is 
trunk-2009-07-21-v796194 using embedded Tomcat but we would be looking 
to running a full Tomcat install on a production system.

To date I have tried changing the settings of url.properties to 
port.https.enabled=N
and
force.http.host=Y

also have looked at server.xml in the tomcat6 section and just for a 
test changed all 8443 to 8080 however when the following url was tried
http://server-name:8080/webtools/login
it changed back to https://.......:8443/....

I was wondering if there was anything that I have missed or if there is 
a specific file/entry that holds the configuration settings for 
webtools/login.

I haven't had much experience of configuring Tomcat or OfBiz (past 
database setup and initial install) as until recently my focus has been 
elsewhere.

Regards
William Angus
-- 
William Angus - Systems Analyst
Virtual Xpert Pty Ltd
Suite 207, 35 Buckingham Street
Surry Hills
NSW 2010
Australia

Ph: +61 2 9007 1480
Fax: +61 2 8905 9438
Mob: +61 424 298 449
email: will@virtualxpert.com.au

www.virtualxpert.com.au

Re: Disabling use of https on OfBiz servers

Posted by Mike Rose <mx...@mutsys.com>.

Hi William,

    I recently had to do a similar task.  My solution was to proxy  
Tomcat with and Apache httpd instance via AJP/JK.  Within Apache you  
now have a fair number of flexible tools that allow you to modify URLs  
as they pass through.  mod_rewrite is especially helpful here to use  
to fake out Tomcat.

Mike


On Aug 5, 2009, at 10:33 PM, William Angus wrote:

> Hi,
>
> I am currently trying to disable the use of https on the webtools/ 
> admin side of ofbiz so that we can use access control to pass users  
> to the appropriate location within our network.
>
> Our system will consist of SSL terminated behind our router/firewall  
> on the proxy server prior to the proxy forwarding to the ofbiz  
> application servers. https will be used until the traffic hits the  
> proxy where it is decrypted using stunnel or similar. Once decrypted  
> we will use the http-based ACLs to pass the traffic to the  
> appropriate login instance.
>
> Problem is, I seem to be unable to force the use of http only within  
> our test environment.
>
> Currently the test environment we have been looking at this with is  
> trunk-2009-07-21-v796194 using embedded Tomcat but we would be  
> looking to running a full Tomcat install on a production system.
>
> To date I have tried changing the settings of url.properties to  
> port.https.enabled=N
> and
> force.http.host=Y
>
> also have looked at server.xml in the tomcat6 section and just for a  
> test changed all 8443 to 8080 however when the following url was tried
> http://server-name:8080/webtools/login
> it changed back to https://.......:8443/....
>
> I was wondering if there was anything that I have missed or if there  
> is a specific file/entry that holds the configuration settings for  
> webtools/login.
>
> I haven't had much experience of configuring Tomcat or OfBiz (past  
> database setup and initial install) as until recently my focus has  
> been elsewhere.
>
> Regards
> William Angus
> -- 
> William Angus - Systems Analyst
> Virtual Xpert Pty Ltd
> Suite 207, 35 Buckingham Street
> Surry Hills
> NSW 2010
> Australia
>
> Ph: +61 2 9007 1480
> Fax: +61 2 8905 9438
> Mob: +61 424 298 449
> email: will@virtualxpert.com.au
>
> www.virtualxpert.com.au

Re: Disabling use of https on OfBiz servers

Posted by Scott Gray <sc...@hotwaxmedia.com>.

I think that'll come down to the only option unless you want to change  
the RequestHandler class, even if you can prevent the redirect by  
configuration any POST data meant for a secure url will be rejected if  
sent via http.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com

On 6/08/2009, at 3:03 PM, anne@cohsoft.com.au wrote:

> Hi William
>
> The only way I know of is to edit the relevant controller.xml  
> file(s), looking for
>
> <security https="true".../>
>
> and changing that "true" to "false".
>
> Someone else may know a better way.
>
> Cheers,
> Anne.
>
> 2009/8/6 William Angus <wi...@virtualxpert.com.au>
> Hi,
>
> I am currently trying to disable the use of https on the webtools/ 
> admin side of ofbiz so that we can use access control to pass users  
> to the appropriate location within our network.
>
> Our system will consist of SSL terminated behind our router/firewall  
> on the proxy server prior to the proxy forwarding to the ofbiz  
> application servers. https will be used until the traffic hits the  
> proxy where it is decrypted using stunnel or similar. Once decrypted  
> we will use the http-based ACLs to pass the traffic to the  
> appropriate login instance.
>
> Problem is, I seem to be unable to force the use of http only within  
> our test environment.
>
> Currently the test environment we have been looking at this with is  
> trunk-2009-07-21-v796194 using embedded Tomcat but we would be  
> looking to running a full Tomcat install on a production system.
>
> To date I have tried changing the settings of url.properties to  
> port.https.enabled=N
> and
> force.http.host=Y
>
> also have looked at server.xml in the tomcat6 section and just for a  
> test changed all 8443 to 8080 however when the following url was tried
> http://server-name:8080/webtools/login
> it changed back to https://.......:8443/....
>
> I was wondering if there was anything that I have missed or if there  
> is a specific file/entry that holds the configuration settings for  
> webtools/login.
>
> I haven't had much experience of configuring Tomcat or OfBiz (past  
> database setup and initial install) as until recently my focus has  
> been elsewhere.
>
> Regards
> William Angus
> -- 
> William Angus - Systems Analyst
> Virtual Xpert Pty Ltd
> Suite 207, 35 Buckingham Street
> Surry Hills
> NSW 2010
> Australia
>
> Ph: +61 2 9007 1480
> Fax: +61 2 8905 9438
> Mob: +61 424 298 449
> email: will@virtualxpert.com.au
>
> www.virtualxpert.com.au
>
>
>
> -- 
> Coherent Software Australia Pty Ltd
> PO Box 2773
> Cheltenham Vic 3192
> Phone: (03) 9585 6788
> Fax: (03) 9585 1086
> Web: http://www.cohsoft.com.au/
> Email: sales@cohsoft.com.au
>
> Bonsai ERP, the all-inclusive ERP system
> http://www.bonsaierp.com.au/
>

Re: Disabling use of https on OfBiz servers

Posted by an...@cohsoft.com.au.

Hi William

The only way I know of is to edit the relevant controller.xml file(s), looking for

&lt;security https="true".../&gt;

and changing that "true" to "false".

Someone else may know a better way.

Cheers,
Anne.

2009/8/6 William Angus &lt;will@virtualxpert.com.au&gt;
Hi,

I am currently trying to disable the use of https on the webtools/admin side of ofbiz so that we can use access control to pass users to the appropriate location within our network.

Our system will consist of SSL terminated behind our router/firewall on the proxy server prior to the proxy forwarding to the ofbiz application servers. https will be used until the traffic hits the proxy where it is decrypted using stunnel or similar. Once decrypted we will use the http-based ACLs to pass the traffic to the appropriate login instance.

Problem is, I seem to be unable to force the use of http only within our test environment.

Currently the test environment we have been looking at this with is trunk-2009-07-21-v796194 using embedded Tomcat but we would be looking to running a full Tomcat install on a production system.

To date I have tried changing the settings of url.properties to port.https.enabled=N
and
force.http.host=Y

also have looked at server.xml in the tomcat6 section and just for a test changed all 8443 to 8080 however when the following url was tried
http://server-name:8080/webtools/login
it changed back to https://.......:8443/....

I was wondering if there was anything that I have missed or if there is a specific file/entry that holds the configuration settings for webtools/login.

I haven't had much experience of configuring Tomcat or OfBiz (past database setup and initial install) as until recently my focus has been elsewhere.

Regards
William Angus
--
William Angus - Systems Analyst
Virtual Xpert Pty Ltd
Suite 207, 35 Buckingham Street
Surry Hills
NSW 2010
Australia

Ph: +61 2 9007 1480
Fax: +61 2 8905 9438
Mob: +61 424 298 449
email: will@virtualxpert.com.au

www.virtualxpert.com.au

--
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Phone: (03) 9585 6788
Fax: (03) 9585 1086
Web: http://www.cohsoft.com.au/
Email: sales@cohsoft.com.au

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/