
Alfresco + SSL <security-constraint> broken

dannyboy
Champ in-the-making
If I would like my entire webapp directory to be SSL protected, I would throw this in at the bottom of web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Indeed, after this constraint is in place all pages are accessed through the SSL protocol. I am able to access the Share webapp login page just fine. However, once I enter in my credentials I cannot log in.
I suspect that applying SSL to all subdirectories is screwing something up? If I change "<transport-guarantee> CONFIDENTIAL" to "NONE", SSL doesn't work on all pages.

I am doing this because I would like all 80 port queries to be forwarded to 8443. If I don't include the "<transport-guarantee> CONFIDENTIAL", port 80 doesn't forward to the SSL port even though I have the following in server.xml:

<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
           connectionTimeout="20000" />
<Connector port="80" protocol="HTTP/1.1" URIEncoding="UTF-8"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile=*****
           keystorePass=*****
           redirectPort="8080" />

dannyboy
Champ in-the-making
Please let me know if I am not clear. I am not an expert 😕

I now realized that enabling SSL on the entire directory means that I won't be able to upload or download documents. This makes sense I guess.

What URL should I put in <url-pattern>/*</url-pattern> so that all logins are done through SSL but the main page isn't?
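
Which context-relative paths a given <url-pattern> forces onto SSL can be checked offline. The following is an added example, not part of the original thread or of Alfresco's code: it applies the Servlet specification's url-pattern matching order to a web.xml string, ignores <http-method>, and uses a hypothetical /login/* path because the thread does not name Share's login URL.

```python
import xml.etree.ElementTree as ET

# The post's constraint as a template; "/login/*" below is a hypothetical path.
TEMPLATE = ("<web-app><security-constraint><web-resource-collection>"
            "<web-resource-name>securedapp</web-resource-name>"
            "<url-pattern>{}</url-pattern></web-resource-collection>"
            "<user-data-constraint><transport-guarantee>CONFIDENTIAL"
            "</transport-guarantee></user-data-constraint>"
            "</security-constraint></web-app>")
WHOLE_APP = TEMPLATE.format("/*")
LOGIN_ONLY = TEMPLATE.format("/login/*")

def _local(tag):
    """Drop any XML namespace so versioned web.xml files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def load_constraints(web_xml):
    """Map each url-pattern to the set of transport guarantees declared for it."""
    rules = {}
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for el in sc.iter():
            texts.setdefault(_local(el.tag), []).append((el.text or "").strip())
        guarantee = (texts.get("transport-guarantee") or ["NONE"])[0] or "NONE"
        for pattern in texts.get("url-pattern", []):
            rules.setdefault(pattern, set()).add(guarantee)
    return rules

def best_match(patterns, path):
    """Servlet mapping order: exact, longest path prefix, extension, default."""
    if path in patterns:
        return path
    prefixes = [p for p in patterns if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    ext = "*." + path.rsplit("/", 1)[-1].rpartition(".")[2]
    if "." in path.rsplit("/", 1)[-1] and ext in patterns:
        return ext
    return "/" if "/" in patterns else None

def transport_guarantee(web_xml, path):
    """Guarantee for a context-relative path; http-method is ignored here."""
    rules = load_constraints(web_xml)
    match = best_match(rules, path)
    if match is None or "NONE" in rules[match]:
        return "NONE"  # no constraint, or combined constraints accept plain HTTP
    return "CONFIDENTIAL" if "CONFIDENTIAL" in rules[match] else "INTEGRAL"
```

With a login-only pattern the credentials are submitted over SSL, but every later request, including the session cookie, still travels over plain HTTP.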

hughesjr
Champ in-the-making
Anyone have an answer for this question … I would like to have the logins via https as well.

benswitzer
Champ in-the-making
My recommendation would be to use a web server (Apache, IIS, etc.) in front of Alfresco to handle the initial requests. Setting up a web server to handle the SSL requests is much more straightforward. Then use mod_jk to have those requests passed to Tomcat, which is running Alfresco.

I've used both IIS (6 & 7) as well as Apache (2) in the past with good results.

Ben

dannyboy
Champ in-the-making
Bumping this.

Still a problem. When I have CONFIDENTIAL added to web.xml, the login information doesn't authenticate.