Jul 10th, 2007, 06:59 PM
Help configuring Acegi
First, I have to apologize, I don't have all the config files to post. My work is on a private network so I'll try to describe what's going on and hope that someone can make suggestions.....
Here's what I'm trying to do....I want a secure website using x509 (everything ssl). I have the channelProcessing to map the nonsecure ports to the secure ports. It seems to work for some things but not all. I have the PortResolver configured. I want a user that references the http protocol and port to be redirected to the https protocol and port. If the user has a cert, but no account, I want them directed to a request account page, which should be available to users with certs, but not accounts. I've been making changes and trying to get everything working at once, but it seems like when 1 aspect works another doesn't.
Here's one of the scenarios.....I access http://localhost:7001/proj1 (the index.jsp has a redirect to a http://localhost:701/proj1/hello.htm mapped to controller, if I just have /hello.htm, it hangs). Looking at the debug, I can see that the filter takes the index.jsp and mapps to the the https and 7002 port. The debug looks like the filter chain starts over and what I end up seeing in the debug is a redirect to https://localhost:7001/proj1/hello.htm (note the https and the http port).
I also had a scenario where the http://localhost:7001/proj1 wouldn't work, but https://localhost:7002/proj1 would, but other issues would come up.
I tried including the anonymousFilter processing which seems to help, but again cause other issues. Right now I have the web.xml defining an error page to catch the 403 error and display the requestAccount page, but the controller does a redirect to the full url (debug again looks like the same request is being processed twice).
I've looked at the examples, but haven't really seen anything with the port mapper. I saw in the users guide that IE has issues with redirects and the portmapper should solve this, but it doesn't seem to work.
I may be trying to do something that Acegi wasn't designed for or maybe I need to provide some of my own implementations, right now I'm not sure. Any and all suggestions are appreciated. Never know what might point me in the right direction.
Jul 11th, 2007, 07:33 PM
I've addressed the problem with protocol and port not matching. I inserted the PortResolver to the controller and used it to build the proper redirect url
Jul 13th, 2007, 06:09 AM
For these types of scenarios, I find it is easier to hoist an apache server infront of your application and allow apache to deal with the issue. Then your application config isn't peppered with environment or network specific stuff (like http->https redirects, etc)