Hi,

I am currently trying to disable the use of https on the webtools/admin side of ofbiz so that we can use access control to pass users to the appropriate location within our network.

Our system will consist of SSL terminated behind our router/firewall on the proxy server prior to the proxy forwarding to the ofbiz application servers. https will be used until the traffic hits the proxy where it is decrypted using stunnel or similar. Once decrypted we will use the http-based ACLs to pass the traffic to the appropriate login instance.

Problem is, I seem to be unable to force the use of http only within our test environment.

Currently the test environment we have been looking at this with is trunk-2009-07-21-v796194 using embedded Tomcat but we would be looking to run a full Tomcat install on a production system.

To date I have tried changing the settings of url.properties to
port.https.enabled=N
and
force.http.host=Y

I have also looked at server.xml in the tomcat6 section and, just for a test, changed all 8443 to 8080. However, when the following url was tried
http://server-name:8080/webtools/login
it changed back to https://.......:8443/....

I was wondering if there was anything that I have missed or if there is a specific file/entry that holds the configuration settings for webtools/login.

I haven't had much experience of configuring Tomcat or OfBiz (past database setup and initial install) as until recently my focus has been elsewhere.

Regards
William Angus
--
William Angus - Systems Analyst
Virtual Xpert Pty Ltd
Suite 207, 35 Buckingham Street
Surry Hills
NSW 2010
Australia

Ph: +61 2 9007 1480
Fax: +61 2 8905 9438
Mob: +61 424 298 449
email: [hidden email]

www.virtualxpert.com.au

Hi William

The only way I know of is to edit the relevant controller.xml file(s), looking for

<security https="true".../>

and changing that "true" to "false".

Someone else may know a better way.

Cheers,
Anne.

--
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Phone: (03) 9585 6788
Fax: (03) 9585 1086
Web: http://www.cohsoft.com.au/
Email: [hidden email]

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/

I think that'll come down to the only option unless you want to change the RequestHandler class. Even if you can prevent the redirect by configuration, any POST data meant for a secure url will be rejected if sent via http.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com

On 6/08/2009, at 3:03 PM, [hidden email] wrote:

> Hi William
>
> The only way I know of is to edit the relevant controller.xml file(s), looking for
>
> <security https="true".../>
>
> and changing that "true" to "false".
>
> Someone else may know a better way.
>
> Cheers,
> Anne.
>
> 2009/8/6 William Angus <[hidden email]>

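An added example, not part of the original thread and not OFBiz's own code: a script that lists the request-maps whose <security> element has https="true", which are the entries the controller.xml edit above would change and the ones for which POSTs sent over http are rejected. The sample XML is constructed, and the request-map/uri layout around <security> is an assumption about the controller.xml format.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the assumed shape of a controller.xml (not project code).
SAMPLE_CONTROLLER = """<site-conf>
    <request-map uri="main">
        <security https="false" auth="false"/>
    </request-map>
    <request-map uri="login">
        <security https="true" auth="false"/>
    </request-map>
    <request-map uri="updateSettings">
        <security https="true" auth="true"/>
    </request-map>
    <request-map uri="ping">
        <response name="success" type="none"/>
    </request-map>
</site-conf>
"""

def local(tag):
    """Drop an XML namespace prefix, if any: '{ns}security' -> 'security'."""
    return tag.rsplit("}", 1)[-1]

def https_request_maps(xml_data):
    """Return [(uri, auth)] for each request-map whose <security> has https="true"."""
    found = []
    for elem in ET.fromstring(xml_data).iter():
        if local(elem.tag) != "request-map":
            continue
        for child in elem:
            if local(child.tag) == "security" and child.get("https", "").lower() == "true":
                found.append((elem.get("uri"), child.get("auth")))
    return found

def scan_tree(top):
    """Map every controller.xml under `top` to its https-only request-maps."""
    return {str(p): https_request_maps(p.read_bytes())
            for p in Path(top).rglob("controller.xml")}

if __name__ == "__main__":
    # With a directory argument, audit a checkout; otherwise use the sample.
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {
        "<sample>": https_request_maps(SAMPLE_CONTROLLER)}
    for path, maps in sorted(results.items()):
        for uri, auth in maps:
            print(f"{path}: uri={uri} https=true auth={auth}")
```

Running it before and after the edit gives a record of which endpoints, login and authenticated ones included, would travel in cleartext between the TLS-terminating proxy and the application servers.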
In reply to this post by William Angus
Hi William,

I recently had to do a similar task. My solution was to proxy Tomcat with an Apache httpd instance via AJP/JK. Within Apache you now have a fair number of flexible tools that allow you to modify URLs as they pass through. mod_rewrite is especially helpful here to use to fake out Tomcat.

Mike

On Aug 5, 2009, at 10:33 PM, William Angus wrote:

> Hi,
>
> I am currently trying to disable the use of https on the webtools/admin side of ofbiz so that we can use access control to pass users to the appropriate location within our network.