On 11/06/2010 15:53, Luca Fagioli wrote: > Il 11/06/2010 16:01, Caldarale, Charles R ha scritto: >>> From: Pid [mailto:p...@pidster.com] >>> Subject: Re: Why my web application automatically switchs to https? >>> >>> Exact Tomcat, JVM, OS versions? >>> >>> Are you using HTTPD/IIS as well? >>> >>> Does the HTML contain hardcoded URLs? >>> >>> Are you using a framework like Struts? >>> >> And are you running Tomcat under Eclipse or some other IDE? (Those >> often use their own configurations, ignoring what you've specified.) >> >> Which web.xml was changed? (Modifying the one in tomcat's conf >> directory would be a mistake.) >> >> Post the complete WEB-INF/web.xml from your webapp. >> >> - Chuck >> > > Thank you guys, > but the problem starts to be even more complicated. The application i've > started to working with is running in the Sterling Integrator (Gentran > Integration Suite) environment, and turned out that its servlet > container is not Tomcat, but Jetty. > > I'm in a big trouble, i think. I've posted the same question in the > Jetty users list, but less traffic out there. > > By the way, this is the web.xml of the application: > > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application > 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> > <web-app> > <display-name>Cedacri Web</display-name> > <filter> > <filter-name>SessionExpiredFilter</filter-name> > <filter-class>com.innovery.cedacri.servlets.SessionExpiredFilter</filter-class> > > </filter> > <filter-mapping> > <filter-name>SessionExpiredFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <servlet> > <servlet-name>dispatcherAN</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherANAGRAFICA</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherSE</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherSERVERS</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherIN</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherINCOMING</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherOU</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherOUTGOING</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherOUI</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherOUTGOINGISTITUTI</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherCO</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherCONFIGURAZIONI</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherDE</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherDEPOSITO</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherRE</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherRECUPERO</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherFI</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherFILIALI</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherII</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherINCOMINGISTITUTI</servlet-class> > > </servlet> > <servlet> > <servlet-name>dispatcherTJ</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.RequestDispatcherTEMPLATEJCL</servlet-class> > > </servlet> > <servlet> > <servlet-name>Logout</servlet-name> > <servlet-class>com.innovery.cedacri.servlets.Logout</servlet-class> > </servlet> > > <servlet-mapping> > <servlet-name>dispatcherAN</servlet-name> > <url-pattern>/dispatcherAN</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherSE</servlet-name> > <url-pattern>/dispatcherSE</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherIN</servlet-name> > <url-pattern>/dispatcherIN</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherOU</servlet-name> > <url-pattern>/dispatcherOU</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherOUI</servlet-name> > <url-pattern>/dispatcherOUI</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherCO</servlet-name> > <url-pattern>/dispatcherCO</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherDE</servlet-name> > <url-pattern>/dispatcherDE</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherRE</servlet-name> > <url-pattern>/dispatcherRE</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherFI</servlet-name> > <url-pattern>/dispatcherFI</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherII</servlet-name> > <url-pattern>/dispatcherII</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>dispatcherTJ</servlet-name> > <url-pattern>/dispatcherTJ</url-pattern> > </servlet-mapping> > <servlet-mapping> > <servlet-name>Logout</servlet-name> > <url-pattern>/Logout</url-pattern> > </servlet-mapping> > > <welcome-file-list> > <welcome-file>login.jsp</welcome-file> > </welcome-file-list>
If you're using container managed security, you should never make a direct request for the login form. Maybe one of those servlets is doing the HTTPS redirect. p > <taglib> > <taglib-uri>http://www.stercomm.com/uix/security</taglib-uri> > <taglib-location>tld/userautho.tld</taglib-location> > </taglib> > <taglib> > <taglib-uri>http://jakarta.apache.org/taglibs/xtags-1.0</taglib-uri> > <taglib-location>tld/taglibs-xtags.tld</taglib-location> > </taglib> > > <security-constraint> > <web-resource-collection> > <web-resource-name>The entire Cedacri dashboard > application</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > </web-app> > > > > Luca > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature
