Security Scrapbook
Resin 3.0
Orientation
Features
Installation
Configuration
Web Applications
JSP
Servlets and Filters
Portlets
Databases
Admin (JMX)
Amber
Security
XML and XSLT
XTP
Resources
Performance
Protocols
Third-party
Troubleshooting/FAQ
Authentication
Digest Passwords
Authorization
SSL
Security Manager
Malicious Attacks
Tutorials
FAQ
Scrapbook
FAQ
Security
XML and XSLT

A repository of notes and comments that will eventually make their way into the documentation. Please treat the information here with caution, it has often not been verified.

  1. Where can I learn more about SSL?
  2. Converting a JSSE Keystore to OpenSSL
  3. How do I handle port 80 and root issues on Linux?

Where can I learn more about SSL?

Converting a JSSE Keystore to OpenSSL

link

How do I handle port 80 and root issues on Linux?

When using the 2.6 Linux kernel or RedHat 9.0, you can use the standard user-name configuration. On older Linux versions, you'll need to use a bit of trickery.

You can use kernel based port forwarding. This feature is not available for all flavours of Unix, but at least for recent Linux kernels (2.4) it works fine.

Here is a very basic example for iptables in a static environment (static means that the example does not deal with ppp connections properly, you might have to add something similar to your ip-up/down scripts). 

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080

ipchains (for Linux 2.2. kernels) should work similar - it might also be possible to map the port directly inside your firewall.

FAQ
Security
XML and XSLT
Copyright © 1998-2003 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark, and HardCoretm and Quercustm are trademarks of Caucho Technology, Inc.