Security Scrapbook
Resin 3.0
Features
Installation
Configuration
Web Applications
IOC/AOP
Resources
JSP
Servlets and Filters
Portlets
Databases
Admin (JMX)
CMP
EJB
EJB 3.0
Security
XML and XSLT
XTP
JMS
Performance
Protocols
Third-party
Troubleshooting/FAQ
Authentication
Digest Passwords
Authorization
SSL
Security Manager
Malicious Attacks
Tutorials
FAQ
Scrapbook
FAQ
Security
XML and XSLT

A repository of notes and comments that will eventually make their way into the documentation. Please treat the information here with caution, it has often not been verified.

  1. Where can I learn more about SSL?
  2. Converting a JSSE Keystore to OpenSSL
  3. How do I handle port 80 and root issues on Linux?

Where can I learn more about SSL?

  • Apache documentation

Converting a JSSE Keystore to OpenSSL

  • Apache documentation
link

How do I handle port 80 and root issues on Linux?

When using the 2.6 Linux kernel or RedHat 9.0, you can use the standard user-name configuration. On older Linux versions, you'll need to use a bit of trickery.

You can use kernel based port forwarding. This feature is not available for all flavours of Unix, but at least for recent Linux kernels (2.4) it works fine.

Here is a very basic example for iptables in a static environment (static means that the example does not deal with ppp connections properly, you might have to add something similar to your ip-up/down scripts). 

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080

ipchains (for Linux 2.2. kernels) should work similar - it might also be possible to map the port directly inside your firewall.

FAQ
Security
XML and XSLT
Copyright © 1998-2005 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark, and HardCoretm and Quercustm are trademarks of Caucho Technology, Inc.