Transport-guarantee in web.xml

 
Ranch Hand
Posts: 270
I have added transport-guarantee as CONFIDENTIAL in my web.xml file.

<security-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

  <web-resource-collection>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
</security-constraint>

When I try to load the page (without using SSL "https://") with this URL http://www.myDomain.dk/app, the application automatically adds port 8443 to the URL, like https://www.myDomain.dk:8443/app, and shows an HTTP status 404 error page.

If I write the URL https://www.myDomain.dk/app it works perfectly. Why does it automatically add port 8443 to the URL and how can I avoid that?
 
Rancher
Posts: 43081
77
I think you'll get an answer quicker in the Servlet forum, so I'm moving the thread there - please find it in that forum and continue the discussion.
 
Ranch Hand
Posts: 1514
This depends on the server you are using. You may need to dig into the server's documentation.
 
Jeppe Sommer
Ranch Hand
Posts: 270
Okay, I will try that. I know it runs on a Tomcat webserver. I have an idea that it has something to do with the settings in the server.xml config file, but I haven't found the solution yet. I have read the documentation at http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html, but I still have the same problem...

Any solutions?
[ January 19, 2006: Message edited by: Jeppe Fjord ]
 
Sheriff
Posts: 13411
Moving to the Apache/Tomcat forum.
(where I'll attempt to answer...)
 
Ben Souther
Sheriff
Posts: 13411
In the connector node of your server.xml file, there is a redirectPort attribute. By default it is set to 8443 (the default SSL port that browsers use is 443).
Try changing it to 443 and see if that fixes it.
PS: You'll need to restart Tomcat.

 
Jeppe Sommer
Ranch Hand
Posts: 270
Hi,

I tried to do what you have written, but it didn't help. I contacted the hosting company and they asked me to make a filter instead, which redirects the requests to "https".

I have another two questions now:

1) Is it possible to set the transport-guarantee in the Java code, instead of doing it in the web.xml file, i.e. something like:

setTransportGuarantee("CONFIDENTIAL");

2) Is it possible to use different SSL certificates for each application? Let's say I have two certificates - one certificate is created by myself and is NOT signed by a CA, and the other one I have bought and is signed by a CA.

My application structure is:
https://www.myDomain.dk/app1 - use a SSL certificate signed by CA
https://www.myDomain.dk/app2 - use a SSL certificate NOT signed by CA(free)
https://www.myDomain.dk/app3 - Never use SSL certificate
 
Ben Souther
Sheriff
Posts: 13411

Originally posted by Jeppe Fjord:
Hi,

I tried to do what you have written, but it didn't help.


I'm surprised that it didn't work.
What port is your SSL connector binding to?
Can you post the code to both the secure and non-secure connectors (minus any cert passwords, of course)?


I contacted the hosting company and they asked me to make a filter instead, which redirects the requests to "https".

I have another two questions now:

1) Is it possible to set the transport-guarantee in the Java code, instead of doing it in the web.xml file, i.e. something like:

setTransportGuarantee("CONFIDENTIAL");



That part, I'm not sure about but
making a filter is not too difficult:



2) Is it possible to use different SSL certificates for each application? Let's say I have two certificates - one certificate is created by myself and is NOT signed by a CA, and the other one I have bought and is signed by a CA.



The connectors are children of Host and I know that Tomcat can have multiple hosts configured. I'm not sure if multiple hosts can all listen on the same domain though.
 
Jeppe Sommer
Ranch Hand
Posts: 270


I'm surprised that it didn't work.
What port is your SSL connector binding to?
Can you post the code to both the secure and non-secure connectors (minus any cert passwords, of course)?



Here is how the server.xml is setup as default:

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector port="31126"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           debug="0" connectionTimeout="20000"
           disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
     to 0 -->

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

I have tried to change redirectPort="443". If I unblock the SSL Coyote HTTP/1.1 Connector and set the port number to either port="8443" or port="443", I get this error when loading the application:

Service Temporarily Unavailable.

That part, I'm not sure about but
making a filter is not too difficult:



I have made this filter already, but is it possible to set the transport-guarantee as CONFIDENTIAL vs INTEGRAL vs NONE in your filter class?
[ January 21, 2006: Message edited by: Jeppe Fjord ]
 
Ben Souther
Sheriff
Posts: 13411
What's listening to port 80 and converting the requests to 31126?
<Connector port="31126"
Is your hosting company running Tomcat behind another webserver (such as the Apache Webserver)?
 