AnsweredAssumed Answered

Alfresco SSL Glassfish issue

Question asked by munkee on Nov 24, 2011
Latest reply on Nov 26, 2011 by kyosuka
Hi all,

Can someone help us with getting Alfresco & Share secured using SSL & Glassfish?

We've got the following setup:
Unix Redhat 6
Alfresco and Share with https redirect turned on within Glassfish
Alresco and Share version:3.4d
glassfish version:3.1
Java version 1.6.029

This is what we have tried so far:

Enabled SSL for all contents of the web application for Alfresco
& Share in Glassfish and redirected http://:8080 to https://:8181

in 'web.xml' for alfresco and share, we have done the following:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SSL protected</web-resource-name>
                       <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
Deployed Alfresco and Share to Glassfish

Launch Alfresco from:
http://localhost:8080/alfresco, will auto redirect to
https://localhost:8181/alfresco. Log in and everything is OK.

Tried launching Share from http://localhost:8080/share, this automatically redirects to
https://localhost:8181/share, where we try log in, but this fails.

System shown error
message:The remote server may be unavailable or your authentication details have not been recognized.

Glassfish server.log shows the following error messages:
INFO: JACC Policy Provider: Failed Permission Check, context(share/share)- permission((javax.security.jacc.WebUserDataPermission  GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/configurations/slingshot.site.configuration.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/themes/default.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/pages/site-index.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/pages/slingshot-login.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/template-instances/slingshot-login.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/template-types/org/alfresco/global/slingshot-login.xml GET))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/template-types/webtemplate.xml GET))
WARNING: PWC4011: Unable to set request character encoding to UTF-8 from context /share, because request parameters have already been read, or ServletRequest.getReader() has already been called
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/api/login POST))
INFO: JACC Policy Provider: Failed Permission Check, context(alfresco/alfresco)- permission((javax.security.jacc.WebUserDataPermission /s/remotestore/has/alfresco/site-data/page-types/login.xml GET))
We think the above is being caused by Share trying to access the serverlet of Alfresco which
when its protected by SSL causes a JACC permission problem.

Any suggestions?

Outcomes