SSL

2009-09-02
2013-04-23
  • Adam Peters
    Adam Peters
    2009-09-02

    Hi,

    Has anybody gotten Once:Radix to work with SSL.  I got it successfully configured for Tomcat such that I can get to the main login screen under SSL.  However, everytime I try to login, I get an error message:  "Could not establish contact with the Once server. Please verify that it is running and try again."  PostgreSQL and Tomcat are definitely running.

    Any help would be appreciated. 

    Thanks,
    Adam

     
    • onceradix
      onceradix
      2009-09-05

      Adam

      Are you using Apache on the front end or are you trying to connect directly to Tomcat using https addressing?

      Rob Napier

       
    • Adam Peters
      Adam Peters
      2009-09-05

      Rob,

      I'm trying to connect directly to Tomcat using https addressing.  I followed the instructions in the Tomcat documentation for setting up ssl.

      Thanks,
      Adam

       
    • onceradix
      onceradix
      2009-09-06

      Adam

      As far as I know, you need Apache to make an SSL connection, but I have no details as to why that is. I'll speak to my staff and will try to get it clarified tomorrow.

      We've never used an SSL connection directly to the server. People who want secure external connections usually want everything secure so they use a VPN or apply IP address restrictions. Do you have a specific application for the HTTPS connection?

      Rob

      Rob

       
    • Adam Peters
      Adam Peters
      2009-09-06

      Rob

      My need for SSL is two-fold.  The primary purpose of the application I want to design for my employer is as a primary business database for operations.  However, part of the company's operations require scheduling appointments with external business partners.  I want to provide limited access to those partners so that they can schedule their own appointments.  While my employer does currently use virtualization for employees to access company applications outside of the office, the IT department will most likely not want to issue such access to non-employees.

      Also, my employer may want to host this application off-site through a server hosting provider.  For both of these reasons, SSL encryption would be necessary.

      I know there is a Tomcat connector for Apache httpd which allows httpd to serve static pages but forwards dynamic requests to Tomcat.  The setup of such an arrangement seems rather complicated, so I wanted to check with you and others on the forum to see if it is even the right solution to pursue before I get too invested in it.  I look forward to hearing what you find out.

      Thanks,
      Adam

       
      • Hello Adam,
        we need to make some changes in code for "https://" protocol support, some parts of code came from "old times" and have hardcoded "http://" protocol.

        Sincerely,
        Vadim

         
    • Adam Peters
      Adam Peters
      2009-09-07

      Thanks for checking into the issue for me Rob and Vadzim.  I hope to see the change in the next release.

      Thanks again,
      Adam

       
    • onceradix
      onceradix
      2009-09-07

      Adam

      What we are yet to cover in detail is the owebAPI. We released once:radix 1.5.0 just before I went on leave. Unfortunately I was unable to complete documentation for owebAPI in time. However an introduction to it is available at: www.oncetechnologies.com/owebAPI

      If you want to test it out, you can connect to the server via Firefox and create a public account for yourself. The once:secureserver address is: http://202.130.35.82:8080/once/

      It's located in Sydney so you'll find it a bit slow as outbound connections from Australia tend to be sluggish.

      Alternatively, you can create the account directly via the owebAPI. I mention both options to emphasise the fact that you are connecting to the same once:secureserver – one directly into Sydney, Australia via oLOGON and oCLI and one via an external web server in in Rock Hill, South Carolina.

      Once you've created an account, you can test it via the Live Demo at oncetechnologies.com. Here is what happens:

      1. Connect to http://oncetechnologies.com/owebAPI/demo_livedemo.php

      2. Enter the new username and password that you created via oLOGON or create one on this website.

      3. The web server sets up a secure connection from Rock Hill to Sydney and completes the log on process. If all is OK, the session is established, allowing you to perform other operations. The full set of options available in the owebAPI demonstration include:

      * Create new user
      * Login / Logout
      * Browse records
      * Delete records
      * Insert records
      * Update records.

      owebAPI was designed to provide a secure web services connector. It is not fully SOAP compliant but offers similar facilities. It uses the same servlet that i-Report uses when connecting to once:secureserver.

      You can create pages using PHP, HTML, JSP, etc. using the API. This may be a better option for your external client access. That said, we’ll look closer at an SSL connection to Tomcat.

      Rob Napier

       
    • onceradix
      onceradix
      2009-09-07

      Adam

      Further to my earlier post, I'm pleased to be able to advise you that we have completed implementation of support for SSL, as you requested.

      Notwithstanding my earlier comments about owebAPI, it's good that we were able to implement it so quickly.

      Adam, I'd like to invite you to help us by doing an independent review before we release this update. If so, please contact us directly.

      Many thanks for your suggestion.

      Rob Napier

       
  • Adam Peters
    Adam Peters
    2009-09-21

    Rob,

    I installed the revised classes that you sent me to support SSL, and they work well.  I look forward to the official release of the update.  Thank you for implementing this feature.

    Adam