Security constraint confidential for portal not working
manoj manoj, modified 9 years ago.
Security constraint confidential for portal not working
Junior Member Posts: 36 Join Date: 12/04/12 Recent Posts
Hi,
I am working on a project with Liferay 6.1 running on Tomcat.
We have a requirement to not allow any HTTP requests (only HTTPS).
So I checked my web.xml and I do have the following setting:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>securedapp</web-resource-name>
    <url-pattern>/portal/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
We do have the connectors correctly defined in service.xml.
But when I give http://localhost:8080/portal, I expected it to redirect to HTTPS, but it is displaying the login page.
We have a few web services that are exposed and we do not want them (in particular, and even other resources from /portal) to be accessed over HTTP.
Does Liferay override these settings anywhere, or is it some problem with my web.xml configuration?
David H Nebinger, modified 9 years ago.
RE: Security constraint confidential for portal not working
Liferay Legend Posts: 14917 Join Date: 02/09/06 Recent Posts
Tomcat should not be used for SSL. You're implementing it all in interpreted Java, for Pete's sake.
Instead you should use a fronting HTTP server like Apache httpd. Let it handle the redirection to HTTPS since it does it using native code.
manoj manoj, modified 9 years ago.
RE: Security constraint confidential for portal not working
Junior Member Posts: 36 Join Date: 12/04/12 Recent Posts
Hi David,
We do have WebSEAL in front of Liferay.
All access to it happens via WebSEAL.
But the requirement was to disallow access to our portal if someone has the Liferay server details.
Strangely, if I put <url-pattern>/*</url-pattern> in web.xml, it redirects to the HTTPS port (but not for <url-pattern>/portal/*</url-pattern>).
I cannot use this (/*) since we need to allow access to other web apps.
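Added example, not part of the original posts: the Servlet specification matches a `<url-pattern>` against the request path relative to the web application's context root, not against the full URL path. The sketch below applies that rule to the two patterns from this thread, assuming (the thread does not say so) that the portal is deployed under the context path `/portal`; the function names and sample URIs are constructed for illustration.

```python
# Added illustration; not code from the thread, Liferay or Tomcat.
# Models how a servlet container matches a web.xml <url-pattern>.
# The default-servlet pattern "/" is not modelled.

def context_relative(request_uri, context_path):
    """Strip the context path; None if the URI belongs to another webapp.

    context_path is "" for the ROOT application, else e.g. "/portal".
    """
    if context_path == "":
        return request_uri
    if request_uri == context_path or request_uri.startswith(context_path + "/"):
        return request_uri[len(context_path):]
    return None


def pattern_matches(pattern, rel_path):
    """Match a url-pattern against a context-relative path."""
    if pattern == "/*":                       # everything in this webapp
        return True
    if pattern.endswith("/*"):                # path-prefix mapping
        prefix = pattern[:-2]
        return rel_path == prefix or rel_path.startswith(prefix + "/")
    if pattern.startswith("*."):              # extension mapping
        return rel_path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return rel_path == pattern                # exact mapping


def confidential_applies(pattern, context_path, request_uri):
    """True if a CONFIDENTIAL constraint with this pattern covers the URI."""
    rel = context_relative(request_uri, context_path)
    return rel is not None and pattern_matches(pattern, rel)


if __name__ == "__main__":
    # Constructed cases: (context path, pattern, request URI).
    cases = [
        ("/portal", "/portal/*", "/portal"),
        ("/portal", "/portal/*", "/portal/portal/x"),
        ("/portal", "/*", "/portal"),
        ("", "/portal/*", "/portal"),
    ]
    for ctx, pat, uri in cases:
        print(ctx or "ROOT", pat, uri, confidential_applies(pat, ctx, uri))
```

Under that assumption, `/portal/*` only covers URLs of the form `/portal/portal/...`, which is consistent with `/*` triggering the redirect while `/portal/*` does not.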
David H Nebinger, modified 9 years ago.
RE: Security constraint confidential for portal not working
Liferay Legend Posts: 14917 Join Date: 02/09/06 Recent Posts
That is solved with a firewall rule. Block incoming traffic that does not originate from WebSEAL.