You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Łukasz Budnik (JIRA)" <ji...@apache.org> on 2010/01/04 12:53:55 UTC
[jira] Created: (GERONIMO-5010) Transport confifential not working,
403 instead of 302 HTTP headers returned
Transport confifential not working, 403 instead of 302 HTTP headers returned
----------------------------------------------------------------------------
Key: GERONIMO-5010
URL: https://issues.apache.org/jira/browse/GERONIMO-5010
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: Tomcat
Affects Versions: 2.2
Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
Reporter: Łukasz Budnik
Priority: Blocker
I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
The quickest way to reproduce this error:
http://localhost:8080/console/secure
Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "Łukasz Budnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12798023#action_12798023 ]
Łukasz Budnik commented on GERONIMO-5010:
-----------------------------------------
It might not be Tomcat issue...
I just downloaded G-Jetty 2.2
the same thing, when accessing:
http://localhost/console/secure
instead of being brought to https://localhost/console/secure I get:
HTTP ERROR 403
Problem accessing /console/secure. Reason:
Forbidden
Powered by Jetty://
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Priority: Blocker
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-5010) Transport confifential not working,
403 instead of 302 HTTP headers returned
Posted by "Łukasz Budnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Łukasz Budnik updated GERONIMO-5010:
------------------------------------
Comment: was deleted
(was: It might not be Tomcat issue...
I just downloaded G-Jetty 2.2
the same thing, when accessing:
http://localhost/console/secure
instead of being brought to https://localhost/console/secure I get:
HTTP ERROR 403
Problem accessing /console/secure. Reason:
Forbidden
Powered by Jetty://)
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Priority: Blocker
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "Delos Dai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Delos Dai resolved GERONIMO-5010.
---------------------------------
Resolution: Fixed
Redirect it to secure port in revision #948344.
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Assignee: Delos Dai
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "Delos Dai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Delos Dai resolved GERONIMO-5010.
---------------------------------
Resolution: Fixed
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Assignee: Delos Dai
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "viola.lu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
viola.lu reopened GERONIMO-5010:
--------------------------------
now it displas a blank page, not redirect to https
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Assignee: Delos Dai
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "Łukasz Budnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12798024#action_12798024 ]
Łukasz Budnik commented on GERONIMO-5010:
-----------------------------------------
It might not be Tomcat issue...
I just downloaded G-Jetty 2.2
the same thing, when accessing:
http://localhost/console/secure
instead of being brought to https://localhost/console/secure I get:
HTTP ERROR 403
Problem accessing /console/secure. Reason:
Forbidden
Powered by Jetty://
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Priority: Blocker
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-5010) Transport confifential not working,
403 instead of 302 HTTP headers returned
Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Jiang updated GERONIMO-5010:
----------------------------------
Fix Version/s: 2.2.1
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-5010) Transport confifential not working,
403 instead of 302 HTTP headers returned
Posted by "viola.lu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
viola.lu closed GERONIMO-5010.
------------------------------
This redirect problem is fixed in build 2010.05.26-10:48:25.735-0400. but after redirection ,https://localhost:8443/console/secure doesn't exist 500 error, i will open another jira to track this problem.
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Assignee: Delos Dai
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (GERONIMO-5010) Transport confifential not
working, 403 instead of 302 HTTP headers returned
Posted by "Delos Dai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-5010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Delos Dai reassigned GERONIMO-5010:
-----------------------------------
Assignee: Delos Dai
> Transport confifential not working, 403 instead of 302 HTTP headers returned
> ----------------------------------------------------------------------------
>
> Key: GERONIMO-5010
> URL: https://issues.apache.org/jira/browse/GERONIMO-5010
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.2
> Environment: G 2.2 with Tomcat 6, running on Windows XP with Java 6
> Reporter: Łukasz Budnik
> Assignee: Delos Dai
> Priority: Blocker
> Fix For: 2.2.1
>
>
> I found it out by accident I was migrating Web Service which uses CONFIDENTIAL transport layer security.
> By looking at the tcpmon I found out that POST request weren't forwarded to HTTPS and was served using plain HTTP.
> The quickest way to reproduce this error:
> http://localhost:8080/console/secure
> Instead of being brought to https schema (followed by HTTP 302), the result is: HTTP 403 error.
> It was all working in G 2.1.x.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.