Hi there,
I know there are many threads regarding the setup of ssl but no given solution seems to be working in my case.
My usecase:
Liferay 5.2.3 CE (tomcat 6.0.18) is running behind an apache webserver (not on the same server). The webserver handles https in the virtual host file (port 443) and redirects with mod_jk and the jk mount to the tomcat ajp port 8009. What I'm trying to achieve is that all trafic should be handled with http besides the login which should be secured via https. So nothing fancy here I think
.
What's working right now:
If I call the server url directly using https the login is working as expected.
Not working:
If I call the url using http the browser gets redirected to https by setting company.security.auth.requires.https=true. But after entering the credentials the user isn't logged in.
Used properties:
What's the best way to "debug" the setup? I'm really looking forward to any hints.
Greets Oli
I know there are many threads regarding the setup of ssl but no given solution seems to be working in my case.
My usecase:
Liferay 5.2.3 CE (tomcat 6.0.18) is running behind an apache webserver (not on the same server). The webserver handles https in the virtual host file (port 443) and redirects with mod_jk and the jk mount to the tomcat ajp port 8009. What I'm trying to achieve is that all trafic should be handled with http besides the login which should be secured via https. So nothing fancy here I think
.What's working right now:
If I call the server url directly using https the login is working as expected.
Not working:
If I call the url using http the browser gets redirected to https by setting company.security.auth.requires.https=true. But after entering the credentials the user isn't logged in.
Used properties:
company.security.auth.requires.https=true
web.server.http.port=80
web.server.https.port=443
web.server.host=myhost.example.com
com.liferay.portal.servlet.filters.sessionid.SessionIdFilter=false/true (both don't work)
What's the best way to "debug" the setup? I'm really looking forward to any hints.
Greets Oli
Hi,
it seems -at least for me- as a liferay bug. Comparing it with liferay v6.1.0 I've found the place where you have to put the bugfix in. You have to use the ext environment and override the "PortalRequestProcessor" class. Change the method "protected String getLastPath(HttpServletRequest request)" at line 376 to look exactly the same way as LoginAction.getCompleteRedirectURL line 156 from liferay v6.1.0.
See the following code snippet as reference:
HTH Oli
it seems -at least for me- as a liferay bug
. Comparing it with liferay v6.1.0 I've found the place where you have to put the bugfix in. You have to use the ext environment and override the "PortalRequestProcessor" class. Change the method "protected String getLastPath(HttpServletRequest request)" at line 376 to look exactly the same way as LoginAction.getCompleteRedirectURL line 156 from liferay v6.1.0.See the following code snippet as reference:
if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
(httpsInitial != null) && (!httpsInitial.booleanValue())) {
change to:
if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
[b](!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&[/b]
(httpsInitial != null) && (!httpsInitial.booleanValue())) {
HTH Oli