Hi,

I am using Tomcat 5.5 and I want to forward incoming requests at port 80 to
port 443 (i.e. SSL secure connection).  This I have achieved quite easily
via the following configuration:

web.xml:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you require authentication -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

server.xml:

<Connector port="80" redirectPort="443" />
<Connector port="443" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/keystore.jks"
           keystorePass="xyz" maxPostSize="15728640" />

I have created the certificates, etc. and it works fine, and if I type
http://localhost I am redirected to https://localhost and the login page is
shown.  But, during login, I am making a web service call.  These web
services are deployed on the same Tomcat and are accessed via
http://localhost/axis2/rest...

When I try to log in I am getting an exception:

java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
        at java.net.Socket.connect(Socket.java:520)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:545)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:389)
        at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:121)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)


So I figured that the web service call is also being accessed via SSL and
that is not supported by the caller.  Anyway, to get around this I have
tried a NUMBER of things:

1. I added a second security-constraint in web.xml with url pattern as
/axis2/* which has transport-guarantee as NONE.
2. I added a 2nd <service> to my server.xml that has the web services
deployed on a different port.
3. And a whole lot of other things that were useless :(

Is it even possible to do this, going from https -> http (they are 2
separate applications mind you)?  Does anyone have any suggestions on how to
fix this?  This is driving me nuts!  Thanks!
