Visualização combinada Visão plana Exibição em árvore
Tópicos [ Anterior | Próximo ]
toggle
Oliver Bayer
Liferay 5.2.3 Apache webserver + tomcat https problem
28 de Agosto de 2012 05:21
Resposta

Oliver Bayer

Ranking: Liferay Master

Mensagens: 889

Data de entrada: 18 de Fevereiro de 2009

Mensagens recentes

Hi there,

I know there are many threads regarding the setup of ssl but no given solution seems to be working in my case.

My usecase:
Liferay 5.2.3 CE (tomcat 6.0.18) is running behind an apache webserver (not on the same server). The webserver handles https in the virtual host file (port 443) and redirects with mod_jk and the jk mount to the tomcat ajp port 8009. What I'm trying to achieve is that all trafic should be handled with http besides the login which should be secured via https. So nothing fancy here I think emoticon.

What's working right now:
If I call the server url directly using https the login is working as expected.

Not working:
If I call the url using http the browser gets redirected to https by setting company.security.auth.requires.https=true. But after entering the credentials the user isn't logged in.

Used properties:
1company.security.auth.requires.https=true
2web.server.http.port=80
3web.server.https.port=443
4web.server.host=myhost.example.com
5com.liferay.portal.servlet.filters.sessionid.SessionIdFilter=false/true (both don't work)

What's the best way to "debug" the setup? I'm really looking forward to any hints.

Greets Oli
Oliver Bayer
[solved] RE: Liferay 5.2.3 Apache webserver + tomcat https problem
11 de Setembro de 2012 05:02
Resposta

Oliver Bayer

Ranking: Liferay Master

Mensagens: 889

Data de entrada: 18 de Fevereiro de 2009

Mensagens recentes

Hi,

it seems -at least for me- as a liferay bug emoticon. Comparing it with liferay v6.1.0 I've found the place where you have to put the bugfix in. You have to use the ext environment and override the "PortalRequestProcessor" class. Change the method "protected String getLastPath(HttpServletRequest request)" at line 376 to look exactly the same way as LoginAction.getCompleteRedirectURL line 156 from liferay v6.1.0.

See the following code snippet as reference:
1if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
2    (httpsInitial != null) && (!httpsInitial.booleanValue())) {
3   
4change to:
5if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
6    [b](!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&[/b]
7    (httpsInitial != null) && (!httpsInitial.booleanValue())) {

HTH Oli