AnsweredAssumed Answered

Alfresco + SSL <security-constraint> broken

Question asked by dannyboy on Aug 21, 2009
Latest reply on Nov 18, 2009 by dannyboy
If I would like my entire webapp directory to be SSL protected, I would throw this in at the bottom of web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Indeed, after this constraint is in place all pages are accessed through the SSL protocol. I am able to access the Share webapp login page just fine. However, once I enter in my credentials I can not login.
I suspect that applying SSL to all subdirectories is screwing something up? If I change "<transport-guarantee> CONFIDENTIAL" to "NONE", SSL doesn't work on all pages.

I am doing this because I would like all 80 port queries to be forwarded to 8443. If I don't include the "<transport-guarantee> CONFIDENTIAL", port 80 doesn't forward to the SSL port even though I have the following in server.xml:
      
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
      connectionTimeout="20000"
      
      />
<Connector port="80" protocol="HTTP/1.1" URIEncoding="UTF-8"
      connectionTimeout="20000"
      redirectPort="8443"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
      keystoreFile=*****
      keystorePass=*****
      redirectPort="8080" 

Outcomes