Thanks for the reply!
After more hunting, I can see the bug at
https://fisheye4.atlassian.com/browse/glassfish-svn/tags/3.1.1-b06/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java?hb=true.
I assume the "split" produces an array of length 1 if default ports are used
in the request (no ":8080" present), and so the "hostPort[1] == null" code
throws an exception. I could patch it myself if I had buildable source.
Is there a HOWTO guide on how to download glassfish source and build it?
You mention 3.1.2 has the fix, is that available as a beta, or are you saying
I need to be a glassfish customer to obtain that?
Whether I build my own source, or upgrade to 3.1.2 binaries, is there a way
for me to install it as an "upgrade" so I do not have to do a fresh install
and configure all my settings again (that's the main reason I do not want to
drop back to 3.1.0, or maybe there is a way I can simply do a "downgrade" of
an existing install to 3.1.0 until 3.1.2 is out).
The other thing I started wondering about is if I could remove the
"<transport-guarantee>CONFIDENTIAL</transport-guarantee>" statements from
web.xml and add some sort of filter that caused all requests that were not
using SSL to go to https:\\<server>:443\<original request>, perhaps as some
sort of redirect? Basically manually in my own code causing the redirect
from :80 to :443 and avoiding the built in glassfish automatic method.
Thanks,
Mark
--
[Message sent by forum member 'markkr2']
View Post: http://forums.java.net/node/834152