On 02/17/10 02:00 PM, Xin Guo wrote:
> Hi Kshitiz,
>
> Thanks a lot for all the help. It finally worked. It turned out that
> for Sun Application Server 9.1_02 (build b04-fcs), enabling this
> property will cause a server internal error, which will be fixed by a
> server restart. After that, it should work as expected. On GlassFish
> Enterprise Server v2.1.1 ((v2.1 Patch06)(9.1_02 Patch12)) (build
> b31g-fcs), this issue has been fixed so restart is not necessary.
>
> Thanks again for your help,
Thanks, Xin, for confirming that this is working as expected on GF v2.1.1.
Jan
>
> Kshitiz Saxena wrote:
>> Hi,
>>
>> Yes, these proxy headers indicate that request received by IIS was
>> over HTTPS. When you enable auth-passthrough, it will be correctly
>> reflected at application server as well.
>>
>> Thanks,
>> Kshitiz
>>
>> On Tuesday 16 February 2010 03:23 AM, Xin Guo wrote:
>>> Hi Kshitiz and Experts,
>>>
>>> I got some more debugging info about this issue: I put a snoop jsp
>>> in the app server, without enabling the authPassthroughEnabled
>>> parameter. I discovered that the IIS http load balancer plugin
>>> indeed passed the following custom headers to app server:
>>> proxy-ip: xxx.xxx.xxx.xxx
>>> proxy-keysize: 128
>>> proxy-secret-keysize : 1024
>>> proxy-jroute: -cfD
>>>
>>> I assume this should be enough for the app server to make a
>>> decision, once the authPassthroughEnabled is set to true? We are
>>> using Sun App Server 9.2 in non-cluster mode.
>>>
>>> Thanks,
>>>
>>> Xin Guo wrote:
>>>> Hi Kshitiz,
>>>>
>>>> Just tested setting authPassthroughEnabled to ture on app server,
>>>> and when I try to access the app server through the IIS lb plugin,
>>>> I got a 500 server internal error. But the server admin console are
>>>> sitll working, so I quickly removed this change. But still got the
>>>> HTTP 500 error.
>>>> Looks like this change has caused app server to crash. Do I have to
>>>> specify "proxyHandler" (I read that it will be pick up automatically).
>>>>
>>>> Again, a little bit of background info:
>>>>
>>>> - App Server in stand alone mode (no cluster, so HTTP load balancer
>>>> didn't show up in admin console), on non-ssl port
>>>> - IIS with HTTP LB plugin, run on ssl port. It was able to send the
>>>> http traffic to the app server, on the non-ssl port.
>>>> - The problem: I want the app server to know the protocol (http vs.
>>>> https) .
>>>> - In IIS's loadbalaner.xml, the following are defined:
>>>> <property name="rewrite-location" value="true"/>
>>>> <property name="https-routing" value="false"/>
>>>>
>>>> Any ideas?
>>>>
>>>> Thanks a lot,
>>>>
>>>> Kshitiz Saxena wrote:
>>>>> Hi,
>>>>>
>>>>> The load-balancer plugin installed on IIS will take care of
>>>>> encoding and passing required parameters to application server.
>>>>> You need to enable enable auth-passthrough using property
>>>>> authPassthroughEnabled on application server.
>>>>>
>>>>> rewrite-location is only used for redirection.
>>>>>
>>>>> Thanks,
>>>>> Kshitiz
>>>>>
>>>>> On Thursday 11 February 2010 11:08 PM, Xin Guo wrote:
>>>>>> Hi,
>>>>>>
>>>>>> We are using Sun App Server 9.1 (Glassfish 2.1.1), which is
>>>>>> fronted by Windows IIS server with HTTP Load Balancer plug-in
>>>>>> provided by app server 9.1. We want to terminate HTTPS on the
>>>>>> IIS/http-load-balancer, and use only http on Sun App Server 9.1.
>>>>>>
>>>>>> The problem is, the app server then has no idea about the
>>>>>> protocol of the original request, and will tell the web
>>>>>> applications running inside to use http://hostname:80 to form
>>>>>> absolute URL.
>>>>>>
>>>>>> Is there any way to overcome this issue? We have the following
>>>>>> properties defined in the IIS loadbalancer.xml:
>>>>>> <property name="rewrite-location" value="true"/>
>>>>>> <property name="https-routing" value="false"/>
>>>>>>
>>>>>> I read that authPassthroughEnabled property might be helpful, but
>>>>>> then its default implementation requires the IIS to pass back
>>>>>> certain custom http headers. We don't have control on IIS, so
>>>>>> that's unlikely to happen.
>>>>>>
>>>>>> Please let me know if you have solved similar problems in the past.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>