baseURL when mixing SSL and non-SSL

[Wyllys Ingersoll <wy...@sun.com>]

Does JSPWiki get confused by having both SSL and non-SSL access to the wiki?

For example, my main site URL is: http://foo.bar.com
I want to secure the Login page so passwords are not passed around in the clear, so
my login happens at https://foo.bar.com/Login.jsp?redirect=Main

Once the users are logged in, I would prefer to switch them back to a non-SSL
connection. Is this possible to do without confusing JSPWiki and losing track
of the session and logged-in information?

thanks,
  Wyllys

RE: baseURL when mixing SSL and non-SSL

["Hobbs, Joseph" <Jo...@53.com>]

The error ssl_error_rx_record_too_long is thrown by Firefox when you hit
a non SSL enabled site via HTTPS://....  Follow up your host and see
what needs to be done.  I'd expect you'll have to provide them an SSL
certificate, which they would place on your server as appropriate.

Joseph Hobbs
IDM Lead : Lead Technology Architect
Identity Management Systems
Fifth Third Bank
Email : Joseph.Hobbs@53.com

-----Original Message-----
From: Terry Steichen [mailto:terry@net-frame.com] 
Sent: Saturday, March 21, 2009 3:01 PM
To: jspwiki-user@incubator.apache.org
Subject: Re: baseURL when mixing SSL and non-SSL

Our of curiosity I just tried to invoke my JSPWiki Login.jsp page with
https vs http - it failed and here's what I got:

        SSL received a record that exceeded the maximum permissible
        length.
        (Error code: ssl_error_rx_record_too_long)
        The page you are trying to view can not be shown because the
        authenticity of the received data could not be verified.
        
            * Please contact the web site owners to inform them of this
        problem.

I'm using port 80 and I started with http at the main prompt (prior to
invoking Login.jsp).

Do I have to arrange with my hosting service to activate SSL?  Or is
there something else needed?


On Sat, 2009-03-21 at 18:33 +0200, Janne Jalkanen wrote:

> Cookie/sessionwise that should be fine (as long as you are running in

> the standard ports and you start first with http before switching to  
> https).
> 
> Andrew, any chance you could have a writeup on this common scenario at

> doc.jspwiki.org?
> 
> /Janne
> 
> On 21 Mar 2009, at 16:22, Wyllys Ingersoll wrote:
> 
> >
> > Does JSPWiki get confused by having both SSL and non-SSL access to  
> > the wiki?
> >
> > For example, my main site URL is: http://foo.bar.com
> > I want to secure the Login page so passwords are not passed around  
> > in the clear, so
> > my login happens at https://foo.bar.com/Login.jsp?redirect=Main
> >
> > Once the users are logged in, I would prefer to switch them back to

> > a non-SSL
> > connection. Is this possible to do without confusing JSPWiki and  
> > losing track
> > of the session and logged-in information?
> >
> > thanks,
> > Wyllys
> >
> >

This e-mail transmission contains information that is confidential and may be privileged.   It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.

Re: baseURL when mixing SSL and non-SSL

[Terry Steichen <te...@net-frame.com>]

Our of curiosity I just tried to invoke my JSPWiki Login.jsp page with
https vs http - it failed and here's what I got:

        SSL received a record that exceeded the maximum permissible
        length.
        (Error code: ssl_error_rx_record_too_long)
        The page you are trying to view can not be shown because the
        authenticity of the received data could not be verified.
        
            * Please contact the web site owners to inform them of this
        problem.

I'm using port 80 and I started with http at the main prompt (prior to
invoking Login.jsp).

Do I have to arrange with my hosting service to activate SSL?  Or is
there something else needed?


On Sat, 2009-03-21 at 18:33 +0200, Janne Jalkanen wrote:

> Cookie/sessionwise that should be fine (as long as you are running in  
> the standard ports and you start first with http before switching to  
> https).
> 
> Andrew, any chance you could have a writeup on this common scenario at  
> doc.jspwiki.org?
> 
> /Janne
> 
> On 21 Mar 2009, at 16:22, Wyllys Ingersoll wrote:
> 
> >
> > Does JSPWiki get confused by having both SSL and non-SSL access to  
> > the wiki?
> >
> > For example, my main site URL is: http://foo.bar.com
> > I want to secure the Login page so passwords are not passed around  
> > in the clear, so
> > my login happens at https://foo.bar.com/Login.jsp?redirect=Main
> >
> > Once the users are logged in, I would prefer to switch them back to  
> > a non-SSL
> > connection. Is this possible to do without confusing JSPWiki and  
> > losing track
> > of the session and logged-in information?
> >
> > thanks,
> > Wyllys
> >
> >

Re: baseURL when mixing SSL and non-SSL

[Janne Jalkanen <ja...@ecyrd.com>]

Cookie/sessionwise that should be fine (as long as you are running in  
the standard ports and you start first with http before switching to  
https).

Andrew, any chance you could have a writeup on this common scenario at  
doc.jspwiki.org?

/Janne

On 21 Mar 2009, at 16:22, Wyllys Ingersoll wrote:

>
> Does JSPWiki get confused by having both SSL and non-SSL access to  
> the wiki?
>
> For example, my main site URL is: http://foo.bar.com
> I want to secure the Login page so passwords are not passed around  
> in the clear, so
> my login happens at https://foo.bar.com/Login.jsp?redirect=Main
>
> Once the users are logged in, I would prefer to switch them back to  
> a non-SSL
> connection. Is this possible to do without confusing JSPWiki and  
> losing track
> of the session and logged-in information?
>
> thanks,
> Wyllys
>
>