[opencms-dev] HTTPS pages

Ivan Biddles ivanb at scientology.net
Wed Jan 22 21:29:43 CET 2003 

Hi,

I have discovered something about my configuration that may shed some
light on my HTTPS and LinkSubstitution problems.

I am running Apache httpd 2 and Tomcat 4 on Linux. When an https request
comes into Apache it decrypts it and passes it on to Tomcat as an _http_
request. 

Consequently, OpenCms thinks that the current scheme is http, so it
doesn't prefix the http page links on the page with http:// because that
would seem to be unnecessary. So the web server (I guess) adds the
http_S_// prefix and I'm stuck in SSL from then on.

I'm posting this to help anyone in the future who sees these symptoms
and to ask if anyone has a similar configuration to mine who is using
SSL and who has overcome this ... maybe by some Apache or Tomcat
configuration setting.

Best wishes,
              Ivan

-----Original Message-----
From: owner-opencms-dev at www.opencms.org
[mailto:owner-opencms-dev at www.opencms.org] On Behalf Of Ivan Biddles
Sent: Friday, January 17, 2003 09:59
To: opencms-dev at www.opencms.org
Subject: RE: [opencms-dev] HTTPS pages

Hi Marian,

I do have my url_prefix_servername set, but it still doesn't work for me
the way I think it should.
 
I believe that there are some issues with LinkSubstitution, and maybe
someone from the OpenCms team could comment.

a. Looking at, for example, Amazon.com, it IS correct that the images
should come down as https, so that is OK.

b. Links to non-https pages (pages which have NOT been marked as
"export=https") inside an https page should be resolved to http://...,
but are instead resolved to "https//...".

c. If you define a single page as "export=dynamic", it resolves the
reference to a stylesheet (which I have marked as "export=true"), as
.../opencms/opencms/... and then doesn't find it. Given that it is
"export=true" surely it should be resolved as .../opencms/export/...

It seems that the link substitution needs to be different depending upon
the TYPE of item being linked (image, stylesheet, or hyperlink), and
particularly upon the value of the export property defined for the
linked item.

Can this be handled by changing the export rules, or is there a latent
bug in LinkSubstitution?

If the latter, I'd be happy to work out a resolution for it and post
that back to the team, but if the former I don't want to waste any time
on it.

Please let me know.

Best wishes,
              Ivan


-----Original Message-----
From: owner-opencms-dev at www.opencms.org
[mailto:owner-opencms-dev at www.opencms.org] On Behalf Of Marian Kasala
Sent: Friday, January 17, 2003 00:56
To: opencms-dev at www.opencms.org
Subject: Re: [opencms-dev] HTTPS pages

Hi Ivan,

I faced same problem first but after additional setting in
opencms.properties
started to work correctly:

Except of this line:
url_prefix_https=https://server_name:8443/${WEB_APP_NAME}/opencms

I set also:

url_prefix_servername=http://server_name:8080

Best Regards,
   Marian Kasala


AP Soft GmbH
Pod juhom 1
SK-911 01 TrencĂ­n

Tel.: +421 32 7480056
Fax: +421 32 7480053

----- Original Message -----
From: "Ivan Biddles" <ivanb at scientology.net>
To: <opencms-dev at www.opencms.org>
Sent: Friday, January 17, 2003 9:04 AM
Subject: RE: [opencms-dev] HTTPS pages


> OK, my problem was due to some strange issues with publishing and is
now
> resolved.
>
> However, I have an issue that I had asked about a few months ago which
> is that once an HTTPS page is invoked, all the links in that page that
> should go back to straight HTTP stay in HTTPS.
>
> So once you go into HTTPS you can never leave it. This is very bad,
> because depending upon browser settings you can end up with a dialog
box
> every time you click on a link that ought to be HTTP but is now being
> invoked as HTTPS.
>
> "This page contains both secure and non secure items. Do you want to
> display the nonsecure items ?"
>
> The problem seems to be with LinkSubstitution.getLinkSubstitution
which
> overrides the link resolution whenever the page is currently in HTTPS
> mode.
>
> I need to release my site very soon, so I would really appreciate some
> ideas  on this.
>
> Best wishes,
>             Ivan
>
>
>
> -----Original Message-----
> From: owner-opencms-dev at www.opencms.org
> [mailto:owner-opencms-dev at www.opencms.org] On Behalf Of Ivan Biddles
> Sent: Thursday, January 16, 2003 19:06
> To: opencms-dev at www.opencms.org
> Subject: [opencms-dev] Images in HTTPS pages
>
> Hi,
>
> I have some pages that are defined as "https". When you click a link
> from an http page, the https page comes up, but the images do not
> appear.
>
> These images are the same ones that appeared successfully on the
> previous (http) page.
>
> When I click on the space where the image should be and select
> "Properties", the image name is defined as "https//....".
>
> I haven't been able to find a way to specify that the images should
> always be accessed via http. I have tried changing the
> ruleset.dynamic_externrules but without success.
>
> My page is defined as "export=https" and my images as "export=true".
>
> (My configuration is 5.0 RC1 on W2K and Linux, with Tomcat 4.1.12 and
> MySQL 4.0.4)
>
> Does anyone know the right way to do this?
>
> Thanks,
>          Ivan
>

More information about the opencms-dev mailing list