Vista combinada Visión Plana Vista de árbol
Discusiones [ Anterior | Siguiente ]
toggle
Oliver Bayer
Liferay 5.2.3 Apache webserver + tomcat https problem
28 de agosto de 2012 5:21
Respuesta

Oliver Bayer

Ranking: Liferay Master

Mensajes: 875

Fecha de incorporación: 18 de febrero de 2009

Mensajes recientes

Hi there,

I know there are many threads regarding the setup of ssl but no given solution seems to be working in my case.

My usecase:
Liferay 5.2.3 CE (tomcat 6.0.18) is running behind an apache webserver (not on the same server). The webserver handles https in the virtual host file (port 443) and redirects with mod_jk and the jk mount to the tomcat ajp port 8009. What I'm trying to achieve is that all trafic should be handled with http besides the login which should be secured via https. So nothing fancy here I think emoticon.

What's working right now:
If I call the server url directly using https the login is working as expected.

Not working:
If I call the url using http the browser gets redirected to https by setting company.security.auth.requires.https=true. But after entering the credentials the user isn't logged in.

Used properties:
1company.security.auth.requires.https=true
2web.server.http.port=80
3web.server.https.port=443
4web.server.host=myhost.example.com
5com.liferay.portal.servlet.filters.sessionid.SessionIdFilter=false/true (both don't work)

What's the best way to "debug" the setup? I'm really looking forward to any hints.

Greets Oli
Oliver Bayer
[solved] RE: Liferay 5.2.3 Apache webserver + tomcat https problem
11 de septiembre de 2012 5:02
Respuesta

Oliver Bayer

Ranking: Liferay Master

Mensajes: 875

Fecha de incorporación: 18 de febrero de 2009

Mensajes recientes

Hi,

it seems -at least for me- as a liferay bug emoticon. Comparing it with liferay v6.1.0 I've found the place where you have to put the bugfix in. You have to use the ext environment and override the "PortalRequestProcessor" class. Change the method "protected String getLastPath(HttpServletRequest request)" at line 376 to look exactly the same way as LoginAction.getCompleteRedirectURL line 156 from liferay v6.1.0.

See the following code snippet as reference:
1if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
2    (httpsInitial != null) && (!httpsInitial.booleanValue())) {
3   
4change to:
5if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
6    [b](!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&[/b]
7    (httpsInitial != null) && (!httpsInitial.booleanValue())) {

HTH Oli