On my Struts-Resume-based application.
I've set the parameter isSecure to "true" for the LoginServlet. That way if a user logs in using HTTP instead of HTTPS, they should be re-directed to an HTTPS URL, right?
Well IE goes into an infinite redirect loop. At least Mozilla Firebird stop after a few times and says the redirect limit has been exceeded (it also mentioned that cookies might have something to do with it).
I'm running under Tomcat 4.1.24 on a Solaris machine (at MMAWeb.net - great hosting with second-to-none service). Any ideas?
On the newsgroups the only reference I could find was to a bug in Tomcat 3.3.1 that occurred on CMA if your login page URL matched the security wildcard. It sounded like that was fixed in Tomcat 4.0+. The Struts-Resume login form url is "/login.jsp" which should not be protected so I guess this is not it.
Thanks in advance. - Richard
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry for the delay, I've been moving all weekend. Make sure the port numbers match what you appserver has. The defaults are specified in properties.xml.
HTH,
Matt
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hmm, thanks - this was a step in the right direction. I looked closer at the log and see a third port number involved. I come in on port 80 and expect to switch to port 443. But somehow Tomcat ends up redirecting to port 8485.
Below is a part of the log messages. Any further ideas?
INFO: Starting Coyote HTTP/1.1 on port 8285
Jul 26, 2003 6:13:49 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 8485
18:14:53,258 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:53,265 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 80
18:14:53,268 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:53,293 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:53,297 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:53,302 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:53,868 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:53,882 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:53,893 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:53,897 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:53,943 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:53,947 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:54,285 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:54,289 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:54,308 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:54,319 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:54,325 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:54,329 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:54,668 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:54,672 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:54,675 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:54,678 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK, my provider has explained a little about where the port 8485 comes from in the two notes below. But now they are asking me to add the "index.jsp" filename. But given this occurs in the middle of Container Managed Authentication, I'm not sure how to do that. Can I actually modify the URL that is generated by SslUtil?
Thanks - Richard
-----Original Message #1-----
From: MMA [mailto:info@mmaweb.net]
Sent: Sunday, July 27, 2003 8:18 PM
Subject: Re: SSL Port redirection problem
Hello:
8485 is the port used by Tomcat for the connector to the SSL server. I've
added a proxyPort directive so it knows to send 443 as the proxy port
number. This should fix it. Thanks.
-----Original Message #2-----
From: MMA [mailto:info@mmaweb.net]
Sent: Sunday, July 27, 2003 8:21 PM
Subject: Re: SSL Port redirection problem
Hello:
Sorry, I was wrong. If the proxyPort directive is included, users can't
access the https:// URL without the index.jsp filename or they get an
error. In your redirect statement, if you include the index.jsp filename,
that should solve the looping problem. Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
On my Struts-Resume-based application.
I've set the parameter isSecure to "true" for the LoginServlet. That way if a user logs in using HTTP instead of HTTPS, they should be re-directed to an HTTPS URL, right?
Well IE goes into an infinite redirect loop. At least Mozilla Firebird stop after a few times and says the redirect limit has been exceeded (it also mentioned that cookies might have something to do with it).
I'm running under Tomcat 4.1.24 on a Solaris machine (at MMAWeb.net - great hosting with second-to-none service). Any ideas?
On the newsgroups the only reference I could find was to a bug in Tomcat 3.3.1 that occurred on CMA if your login page URL matched the security wildcard. It sounded like that was fixed in Tomcat 4.0+. The Struts-Resume login form url is "/login.jsp" which should not be protected so I guess this is not it.
Thanks in advance. - Richard
Sorry for the delay, I've been moving all weekend. Make sure the port numbers match what you appserver has. The defaults are specified in properties.xml.
HTH,
Matt
Hmm, thanks - this was a step in the right direction. I looked closer at the log and see a third port number involved. I come in on port 80 and expect to switch to port 443. But somehow Tomcat ends up redirecting to port 8485.
Below is a part of the log messages. Any further ideas?
INFO: Starting Coyote HTTP/1.1 on port 8285
Jul 26, 2003 6:13:49 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 8485
18:14:53,258 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:53,265 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 80
18:14:53,268 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:53,293 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:53,297 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:53,302 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:53,868 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:53,882 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:53,893 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:53,897 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:53,943 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:53,947 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:54,285 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:54,289 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:54,308 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:54,319 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
18:14:54,325 DEBUG LoginServlet:210 - switching protocols, redirecting user
18:14:54,329 DEBUG LoginServlet:223 - Encrypting password for user 'johndoe'
18:14:54,668 DEBUG SslUtil:70 - getRedirectString - desiredScheme: https, usingSchema: http
18:14:54,672 DEBUG SslUtil:71 - getRedirectString - desiredPort: 443, usingPort: 8485
18:14:54,675 DEBUG SslUtil:75 - getRedirectString - either port or scheme does not match!
18:14:54,678 DEBUG SslUtil:86 - getRedirectString - urlString:https://www.fromltoj.com/stars/auth/?j_uri=&j_username=johndoe&login=Login&j_password=doejohn
OK, my provider has explained a little about where the port 8485 comes from in the two notes below. But now they are asking me to add the "index.jsp" filename. But given this occurs in the middle of Container Managed Authentication, I'm not sure how to do that. Can I actually modify the URL that is generated by SslUtil?
Thanks - Richard
-----Original Message #1-----
From: MMA [mailto:info@mmaweb.net]
Sent: Sunday, July 27, 2003 8:18 PM
Subject: Re: SSL Port redirection problem
Hello:
8485 is the port used by Tomcat for the connector to the SSL server. I've
added a proxyPort directive so it knows to send 443 as the proxy port
number. This should fix it. Thanks.
-----Original Message #2-----
From: MMA [mailto:info@mmaweb.net]
Sent: Sunday, July 27, 2003 8:21 PM
Subject: Re: SSL Port redirection problem
Hello:
Sorry, I was wrong. If the proxyPort directive is included, users can't
access the https:// URL without the index.jsp filename or they get an
error. In your redirect statement, if you include the index.jsp filename,
that should solve the looping problem. Thanks.
There are two locations where it attempts to redirect to SSL (if you have secure-login enabled).
1. In index.jsp - with a SecureTag tag library. This file also redirects to /mainMenu.do which invokes CMA.
2. In LoginServlet - if you're hitting index.jsp, you should already be using https and a redirect won't occur.
SslUtil is part of AppFuse, so you can modify the URL. It's also a String in LoginServlet that you could modify.
HTH,
Matt