Problem in switching to HTTPS channel

Problem in switching to HTTPS channel

by (David) Ming Xia

Hi, Everyone.
 
  I could not set up switching to the HTTPS channel for login. I added a couple of lines to security.xml, as illustrated in the following sample code. I started the application and tried to log in at https://localhost:9443/blog/roller-ui/login.rol. The login page did not load.

  I would appreciate it if someone could give some advice. Do I need to do something in addition to changing security.xml?
 
 
 
Thank you for your help. 
 
David
 
<!-- ===================== SSL SWITCHING ==================== -->
<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
    <property name="channelDecisionManager" ref="channelDecisionManager"/>
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /roller_j_security_check=REQUIRES_SECURE_CHANNEL
            /roller-ui/login.rol=REQUIRES_SECURE_CHANNEL
            /roller-ui/login-redirect.rol=REQUIRES_SECURE_CHANNEL
            /**=REQUIRES_INSECURE_CHANNEL
        </value>
    </property>
</bean>
<bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
    <property name="channelProcessors">
        <list>
            <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
            <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
        </list>
    </property>
</bean>
 

Re: Problem in switching to HTTPS channel

by (David) Ming Xia


All,

 I modified security.xml as follows:

--------------------------------------------------- 
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/roller_j_security_check=REQUIRES_SECURE_CHANNEL
/roller-ui/login-redirect.jsp=REQUIRES_SECURE_CHANNEL
/roller-ui/login.rol=REQUIRES_SECURE_CHANNEL
/roller-ui/register.rol=REQUIRES_SECURE_CHANNEL
/roller-ui/register!save.rol=REQUIRES_SECURE_CHANNEL
</value>
</property>
-----------------------------------------------------

I also modified roller-custom.properties

---------------------------------------------------
# Enables HTTPS for login page only
securelogin.enabled=true
# Enable scheme enforcement?
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
schemeenforcement.enabled=true
---------------------------------------------------


I tried https://localhost:9443/blog/roller-ui/login-redirect.rol and https://localhost:9443/blog/roller-ui/register.rol
It still doesn't work.   Any idea?


Thank you very much.

David




--- On Thu, 6/11/09, (David) Ming Xia <david.ming.xia@...> wrote:


From: (David) Ming Xia <david.ming.xia@...>
Subject: Problem in switching to HTTPS channel
To: "Mailing List Apache Roller User" <user@...>, "Mailing List Apache Roller Developer" <dev@...>
Date: Thursday, June 11, 2009, 11:05 AM



Re: Problem in switching to HTTPS channel

by Greg.Huber

Hello,

What you could try is adding "securelogin.https.port=9443" (as it
looks like you are using a non-standard port) to either the
roller.properties or your custom roller-custom.properties file.

Also make sure that https is switched on via the
roller.properties schemeenforcement.enabled=true and
securelogin.enabled=true properties.


Cheers Greg





"(David) Ming Xia" <david.ming.xia@...>
11/06/2009 16:06

Re: Problem in switching to HTTPS channel

by (David) Ming Xia


Hi, Greg.

  Thank you so much for your help.  With the clue you provided I moved forward a little bit.  The following is what I got so far.  

  In Roller 4.0.1, the switching between http and https channels was implemented with org.apache.roller.weblogger.ui.core.filters.SchemeEnforcementFilter.  SchemeEnforcementFilter takes four parameters, and the following are what I have in my roller-custom.properties.

-----------------------------------------------
# Added these two lines to provide https channel
securelogin.http.port=9080
securelogin.https.port=9443
# Enables HTTPS for login page only (I changed this to 'true')
securelogin.enabled=true
# Enable scheme enforcement? (I changed this to 'true')
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
schemeenforcement.enabled=true
-----------------------------------------------

Also, I have to add some URLs for https:
--------------------------------------------------------
schemeenforcement.https.urls=/roller_j_security_check,\
/roller-ui/login-redirect.jsp,\
/roller-ui/login-redirect.rol,\   <-- I added this
--------------------------------------------------------


However, it still doesn't work. The reason is that req.getServletPath() returns an empty string for 'http://9080/blog/roller-ui/login-redirect.rol', so the process could not find a match for switching channels.

So why does req.getServletPath() return an empty string for '/roller-ui/login-redirect.rol'? I am using WebSphere 7.0.3. Will it return '/roller-ui/login-redirect.rol' in Tomcat? I don't know.

But overall, I feel this is not good. Switching between http and https channels should be implemented in the service layer and should be handled by the web container. By the Java EE declarative security standard, we only need to specify user data constraints in web.xml. Now SchemeEnforcementFilter has moved service layer code to the application layer. Moreover, SchemeEnforcementFilter doesn't implement Spring's interface, so it doesn't work with the Spring container. That means that it doesn't work with any standard. This makes it too hard to maintain. Actually in my case, with the clue from you I would really get lost.

I learned Roller will be moved to CMA in 4.1. I believe that is the right move.


Any ideas or advice? Appreciated.


Thank you very much.

David


--- On Fri, 6/12/09, Greg.Huber@... <Greg.Huber@...> wrote:

> From: Greg.Huber@... <Greg.Huber@...>
> Subject: Re: Problem in switching to HTTPS channel
> To: dev@...
> Cc: "Mailing List Apache Roller Developer" <dev@...>, "Mailing List Apache Roller User" <user@...>
> Date: Friday, June 12, 2009, 7:44 AM
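
The Servlet API defines getServletPath() to return an empty string when the request was matched by a "/*" mapping, with the rest of the path in getPathInfo(), so a scheme check keyed on getServletPath() alone can miss its URL list. The following is an added example, not part of the thread and not Roller's SchemeEnforcementFilter, that builds the context-relative path from all of the request's path getters before matching; the class and method names are hypothetical, and the port and URL list are the values quoted in the message above.

```java
import java.util.List;

// Added example; class and method names are hypothetical, not Roller code.
public class SchemePathCheck {
    // HTTPS-only paths, taken from the schemeenforcement.https.urls list in the thread.
    static final List<String> HTTPS_URLS = List.of(
        "/roller_j_security_check",
        "/roller-ui/login-redirect.jsp",
        "/roller-ui/login-redirect.rol");
    static final int HTTPS_PORT = 9443; // securelogin.https.port from the thread

    // Context-relative path that does not depend on how the container splits
    // servletPath and pathInfo. Arguments are the values returned by the
    // HttpServletRequest getters of the same names.
    static String appPath(String requestUri, String contextPath,
                          String servletPath, String pathInfo) {
        String path = (servletPath == null ? "" : servletPath)
                    + (pathInfo == null ? "" : pathInfo);
        if (path.isEmpty() && requestUri != null) {
            // Fall back to the raw request URI minus the context path.
            String ctx = contextPath == null ? "" : contextPath;
            path = requestUri.startsWith(ctx) ? requestUri.substring(ctx.length()) : requestUri;
        }
        // Drop path parameters such as ;jsessionid=... before comparing.
        int semi = path.indexOf(';');
        return semi >= 0 ? path.substring(0, semi) : path;
    }

    // Returns the HTTPS URL to redirect to, or null when no switch is needed.
    static String redirectTarget(boolean secure, String host, String requestUri,
                                 String contextPath, String servletPath, String pathInfo) {
        String path = appPath(requestUri, contextPath, servletPath, pathInfo);
        if (secure || !HTTPS_URLS.contains(path)) return null;
        String port = HTTPS_PORT == 443 ? "" : ":" + HTTPS_PORT;
        return "https://" + host + port + (contextPath == null ? "" : contextPath) + path;
    }

    public static void main(String[] args) {
        String uri = "/blog/roller-ui/login-redirect.rol";
        // Constructed input: container reports the whole path as servletPath.
        System.out.println(redirectTarget(false, "localhost", uri, "/blog",
                "/roller-ui/login-redirect.rol", null));
        // Constructed input: container reports "" and puts the path in pathInfo.
        System.out.println(redirectTarget(false, "localhost", uri, "/blog",
                "", "/roller-ui/login-redirect.rol"));
        // Constructed input: both getters empty, request already on HTTPS.
        System.out.println(redirectTarget(true, "localhost", uri, "/blog", "", null));
    }
}
```

getRequestURI() is not URL-decoded, so the fallback branch compares the raw form of the path; the configured URL list has to be written to match.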