ACE/Server redirects

I'm looking for some guidance/thoughts on a problem I'm coming across. I have an SSL termination configuration as follows:
Client to VIP:80 does redirect to VIP:443
Client to VIP:8080 does redirect to VIP:8443
Client to VIP:443 load balances to Real:80
Client to VIP:8443 load balances to Real:8080
On the real server I'm running apache on 80 and tomcat on 8080.
Apache handles the main site while Tomcat handles java applets/authentication/etc.
The problem we're encountering is when apache needs to hand off to tomcat and the reverse. What's the best way to accomplish this while maintaining the connection to the same real server. What is happening is that the ACE is re-load balancing the request to a different real.
Thanks.

you could use static cookies [ cookie insert ].
Since you have 2 serverfarms, you'll get 2 different set of cookies.
So, for each sticky group, you need to learn the cookie value associated with each rserver.
Then for the other group, configure a static entry for each cookie value.
Do the same for each group.
Learning the cookie value requires the use of a sniffer. Sniff traffic going to the ACE slot. Open a connection to the vip and see which server is being used and what cookie value is returned. Delete the cookie and repeat until you get the cookie value for each server.
This is the only idea I have right now.
Gilles.

Similar Messages

ACE: URL redirect - not working

Hi,
I've to do url redirection from port 80 to port 443. I've following configured:
rserver redirect url.test.com-rd
webhost-redirection https://url.test.com/
inservice
serverfarm redirect url.test.com:80
description url.test.com - port 80 redirect ***
rserver url.test.com-rd
    inservice
class-map match-any url.test.com:80
2 match virtual-address 192.168.1. tcp eq www
policy-map type loadbalance first-match url.test.com:80
class class-default
    serverfarm url.test.com:80
policy-map multi-match LOAD_BALANCE
   class url.test.com:80
    loadbalance vip inservice
    loadbalance policy url.test.com:80
    loadbalance vip icmp-reply active
===
with above configuration, ACE is redirection port 80 to port 443 but it also rewrites the header. i.e. ACE send me to
"https://url.test.com/" if I type "http://url.test.com/abc" in the browser. It should have redirected to "https://url.test.com/abc" ( it shouldn't have removed "/abc")
could you advice how to accomplish it.
Thanks in advance...

Hi,
thanks pablo. but that isn't expected response. redirected url shows the load balanced server. i.e. for the following serverfarm of port 443:
serverfarm host url.test.com:443
description url.test.com - Port 7777 ***
failaction purge
probe url.test.com:7777
rserver server1.test.com 7777
    inservice
redirected url comes as "http://server1.test.com:7777/abc/" ...instead of what I expect .i.e. i expect "
https://url.test.com/abc/"

ACE WEBHOST-REDIRECT logic

Hi guys.
Recenty I see the following config.
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-HTTPS
inservice
I suspect this is a generic config to rewrite a redirection sent from rsever to client when it sends a http redirection and the client need to do a https conection.
My question is: this configuration will rewrite all redirect? What happens if the redirect sent from real server need to reach the client as http (not translated)
Thanks in advance.

Hi David,
The above configuration is for ACE to redirect and not "Rserver". So if a user comes on http://xyz.com and you want ACE to redirect it to https"//xyz.com, you use above configuration. Now there will be a class-map condition as well as policy maps and hence ACE will redirect only those requests which will match the condition. Also, redirect and rewrite are two different functions. If you want the ACE to intercept server response and rewrite it, then you should have a look at "URL Rewrite as well as SSL rewrite" features. Again you will have proper configurations place for ACE to decide what to rewrite and what not.
Let me know if you have any questions.
Regards,
Kanwal

ACE - HTTPS redirection

Hi,
How to configure the ACE to redirect a https request to different url.
For example
Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
Please let me know.Thanks in Advance

Hi Gilles,
I am having the certificate and the key.
Please check the config and confirm whether this looks fine or not.
I am using GSS to resolve www.mycompany.com and www1.mycompany.com
probe http Server1
interval 15
passdetect interval 60
request method head url /keepAlive.html
expect status 200 202
open 10
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
rserver redirect HTTPS-REDIRECT
conn-limit max 4000000 min 4000000
webhost-redirection https://www1.mycompany.com.au 301
inservice
serverfarm host SFARM_HTTPS
rserver Server1_http 80
inservice
serverfarm redirect https-redirect
rserver HTTPS-REDIRECT
inservice
ssl-proxy service SSL_PSERVICE
key MYKEY.PEM
cert ACE-SP2.CER
ssl advanced-options PARAMMAP_SSL_TERMINATION
class-map type http loadbalance match-any HTTPS1
2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
class HTTPS1
serverfarm https-redirect
class HTTP2
serverfarm SFARM_HTTPS
class class-default
serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
class HTTPS-RED
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE
Also let me know know if there is any another way to configure the redirection other than matching host header.
Thanks in Advance

Not able to run a reconciliation from IDM on a the securID/ACE server UNIX

I have configured a securID/ACE adapter in IDM 7.1 so that it can provision updates of user accounts. RSA 6.1.2 server is running on Linux RHEL 2.6.9. I am able to connect to RSA form IDM, but when I run a reconciliation I get the following error,
Error iterating accounts for resource RES-User-RSA-Projects:
com.waveset.util.WavesetException: Trouble constructing User 'null'
Below is the stack trace that I extracted from IDM (debug): The stack below tells me that IDM is not able to establish a connection to the RSA server. I have made sure that the login account that I am using in the RSA adapter parameters belongs to the same group that owns /opt/ace/utils/tcl/bin/tcl-sd.
Is there anything else I need to do? Has anybody out there faced a similar issue and found a resolution?
SecurIdUnixResourceAdapter#getFeatures() Entryno args
SecurIdUnixResourceAdapter#getFeatures() Exit void
SecurIdUnixResourceAdapter#getFeatures() Entry no args
SecurIdUnixResourceAdapter#getFeatures() Exit void
SecurIdUnixResourceAdapter#getFeatures() Entry no args
SecurIdUnixResourceAdapter#getFeatures() Exit void
SecurIdUnixResourceAdapter#getLoginScript() Entry no args
SecurIdUnixResourceAdapter#getTclshPath() Entry no args
SecurIdUnixResourceAdapter#getTclshPath() Exit returned= /opt/ace/utils/tcl/bin/tcl-sd
SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 24
SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 2
SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 6
SecurIdUnixResourceAdapter#getUserExtensionMapNames() Entry no args
SecurIdUnixResourceAdapter#getUserExtensionMapNames() Exit void
SecurIdUnixResourceAdapter#getLoginScript() Exit void
SecurIdUnixResourceAdapter#getAccountIteratorscript() Entry no args
SecurIdUnixResourceAdapter#procSetup() Entry no args
SecurIdUnixResourceAdapter#procSetup() Exit void
SecurIdUnixResourceAdapter#procTearDown() Entry no args
SecurIdUnixResourceAdapter#procTearDown() Exit void
SecurIdUnixResourceAdapter#getAccountIteratorscript() Exit void
SecurIdUnixResourceAdapter#getAccountIteratorResult() Entry no args
SecurIdUnixResourceAdapter#getAccountIteratorResult() Exit void
SecurIdUnixResourceAdapter#constructUser() Entry no args
SecurIdUnixResourceAdapter#constructUser() Info Database connection is not established!
SecurIdUnixResourceAdapter#getFeatures() Entry no args
SecurIdUnixResourceAdapter#getFeatures() Exit void

Anybody out there who has configured SUN IDM to provision into RSA SecureID Ace/Server UNIX? Any help on this is greatly appreciated!

RSA SecureID ACE/Server 6.1.2 integration issue with IDM2005Q4M3

I tried the SecureID adapter with the following steps:
1.setup the idm gateway on SecureID Server
2.copy SecureID's apidemon.exe to gateway.exe folder
3.add the administrator on secureid server and use it on idm resource adapter
4.run gateway.exe -d -fsso.log -l6
5.configure the SecureID adapter resource and test configuration is ok
6.add a rsa_test user on IDM, then assign the SecureID resource to the user
before step 6 every thing is fine, but the step 6 cause the IDM hangup, nothing response from gateway.
while I assign the user with SecureID resource in IDM, the gateway trace log print the trace log below and then hanged up:
01/09/2008 17.44.55.234000 [2464] (../../../../src/wps/agent/securid/SecurIdExtension.cpp,1439): Enter: login
01/09/2008 17.44.55.234000 [2464] (../../../../src/wps/agent/connect/RAEncryptor.cpp,69): RAEncryptor::Decrypt3DES: input length (8) moded to 1
my environment:
idm 2005Q4M3 on linux
gateway: Sun Java System Identity Manager 6.0 SP1 HF82 on windows 2003 sp1
RSA SecureID ACE/Server: 6.1.2 on windows 2003 sp1
Any help on RSA SecureID ACE/Server 6.1.2 integration with IDM2005Q4M3 is greatly appreciated.
Or anybody can send me some more docs on the integration process and the check point?
My email: [email protected]
Please help!
Edited by: Brave on Jan 9, 2008 4:36 AM

Found the solution. Problem was the acecInt.dll in the System32 folder was mismatching with the one in the RSA install folder. I copied the dll from the RSA install folder to the System32 and it started to work fine.
The error i was getting was "Get file operation with no or unknown handle aborted".

I am trying to upload pictures to website, but get an error message saying that server redirection is not suppoerted. What is this, and why does it happen? I've never had this problem before and it started after Firefox update yesterday.

Trying to upload pictures to a website, but it doesn't work. After going thru the whole process, I get a message saying; the server attempted to redirect you. Server redirection is not supported. This only happened after I updated Firefox. Never had this problem before.

Dear Jody..jone5
Good for you that can't update your iphone because I did it and my iphone dosen't work for example I can't download any app like Wecaht or Twitter..
Goodluck
Atousa

RSA ACE server SYSLOG collector, Parsing help!

Hi Board.
I am in a very big hurry for developing a RSA ACE collector script. The
already released RSA ACE Collector script is file based and the RSA ACE
server can dump a CSV log report with an interval of a hour as the
fastest possible interval. This is not at all satisfying for the
customer which - due to the latest issue with hacking attacks on EMC's
network both announced in the press and by letter from EMC and to their
customers - is not at all acceptable. They need to have logic for
pattern searches and correlation rules that can respond as close to real
time as possible.
We have with success and without any troubles or big efforts installed
the SNARE agent on the RSA ACE Appliance box. We are receiving the
events from the RSA server correctly (or we are receiving the events as
unsupported events because the events is not parsed correctly, but all
the needed information is there) and I have started development of a new
Collector script based on the Generic Event Collector (Just
doubleclicked on New Collector script in the Ant menu).
So far I have tryed some different approaches. I know that I can totaly
manipulate with the events received from the Source because I can
pre-set values via the protoEvt.map file. Even further have I been able
to set some other values in the Parse function by using the rec2Evt.map
and then hardcode a value to the desired field by using
rec.-input_record_field-.
Therefor I am pretty convinced that I am on the right track.
Now here is my question:
Based on this copy-pasted s_RXBufferString value (IP addresses and
host+domain values changed for protecting the customer):
Code:
Mar 26 05:48:12 192.168.1.100 hostname[tab]MSWinEventLog[tab]4[tab]Application[tab]14765[tab]Sat Mar 26 10:48:12 2011[tab]1011[tab]ACESERVER6.1[tab]Unknown User[tab]N/A[tab]Information[tab]hostname[tab]Devices[tab][tab][tab]Passcode accepted (Login:'jodo'; User Name:'Doe, John'; Token:'000123456789'; Group:''; Site:''; Agent Host:'remotehost.domain.com'; Server:'serverhost').[tab]14617
*NB!* Swap out [tab] with tablulator delimiter!
I have tryed this approach (this is the entire Parse Functiomn):
Code:
var ValueArray = this.s_RXBufferString.split("\\t");
rec.msg = this.s_RXBufferString;
var SourceInfo = ValueArray[0];
rec.sun = ValueArray[1];
//e.InitServiceName = ValueArray[1];
//rec.Service = ValueArray[1];
//e.EventTime = ValueArray[5];
//rec.EvtTime = ValueArray[5];
//e.VendorEventCode = ValueArray[6];
rec.evtCode = ValueArray[6];
e.DeviceName = ValueArray[7];
rec.sun = ValueArray[8];
//e.EffectiveUserID = ValueArray[8];
//var OSInitUser = ValueArray[8];
//e.InitHostName = ValueArray[11];
rec.shd = ValueArray[11];
//ValueArray[12] = ValueArray[12].ltrim();
var AppSpecificMessage = '';
for(var t = 12; t<count(ValueArray); t+1)
AppSpecificMessage += ValueArray[t];
//e.InitIP = SourceInfo.match("[0-9]+.[0-9]+.[0-9].[0-9]");
rec.sip = this.s_RXBufferString.match("\d+\.\d+\.\d+\.\d+");
var A = AppSpecificMessage.search('\(.+\)');
//e.EventName = 'Debugging RSA';
//e.EventName = AppSpecificMessage.substring(0,A-1).ltrim();
rec.evt = AppSpecificMessage.substring(0,A-1).ltrim();
AppSpecificMessage = AppSpecificMessage.match('\(.+\)');
// var B = AppSpecificMessage.search(')');
//var B = AppSpecificMessage.search(')');
// var BaseInfo = AppSpecificMessage.substring(A+1,B-1);
// var BaseTmpArray = BaseInfo.split(';');
// var BaseArray = new Array();
/*for(var i = 0; i<count(BaseTmpArray); i+1)
var str = BaseTmpArray[i].ltrim();
var TempAr = str.split(':');
BaseArray.push(TempAr[1].substring(1,-1));
/*var AgentArr = BaseArray[6].split(".");
AgentArr.reverse();
AgentArr.pop();
AgentArr.reverse();
e.InitHostDomain = AgentArr.join(".");
//rec.InitDomain = AgentArr.join(".");
e.InitHostDomain = "corp.ad.local";
if (ValueArray[10] == "Information")
rec.sev = "0";
//e.Severity = "0";
else if (ValueArray[10] == "Warning")
rec.sev = "3";
//e.Severity = "3";
else if (ValueArray[10] == "Error")
rec.sev = "4"
//e.Severity = "4";
else
rec.sev = "1";
//e.Severity = "1";
//e.InitUserID = BaseArray[0];
rec.LoginName = BaseArray[0];
//e.InitUserName = BaseArray[1];
rec.UserName = BaseArray[1];
//e.customerVar35 = BaseArray[2];
//rec.Token = BaseArray[2];
//e.customerVar36 = BaseArray[5];
//rec.Agent = BaseArray[5];
instance.SEND_EVENT = true;
// parsing logic goes here
/*if (1==1) { // set SEND_EVENT to true if your parsing logic worked correctly
instance.SEND_EVENT = true;
// If you can't parse...
//rec.sendUnsupported();
return true;
But it just laughs at me and wont work. It states that there is a
parsing error: match function something with input.
Can you please help me build a logic that will work as intended? It
should be clear what information or which piece of the text that I try
map to which Event fields (look at the outcommented bits right above or
below the ones that point to a rec.something because there I have tryed
just map the information directly).
kkrasmussen
kkrasmussen's Profile: http://forums.novell.com/member.php?userid=20966
View this thread: http://forums.novell.com/showthread.php?t=435715

> - I'm not sure I understand why you replace the tabs with '|' just to do
> the split; why can't you just split on tab? You can also investigate our
> 'safesplit()' method, which understands quoted delimited strings:
> Novell Login
> (not sure that's necessary in this case)
I replaced the tabs with '|' foir easier regex searchess for both
numbers, alphanummeric and spaces in same match cases - but with the
opportunity to index better for those searches because I did not need to
worry about the tabs being recognised as whitespaces anymore.
The safesplit works fine with '|' but not for this one:
Code:
var AppSpecificArray = AppSpecificMessage.safesplit(";");
It reports that: "Cannot find function safesplit".
If I change that to:
Code:
var AppSpecificArray = AppSpecificMessage.split(/\;/);
It reports that: "Cannot find function split".
> - The 'substring()' method is defined as taking two arguments:
> from Required. The index where to start the extraction. First character
> is at index 0
> to Optional. The index where to stop the extraction. If omitted, it
> extracts the rest of the string
> Neither of those two arguments will *ever* be negative - they always
> count from the beginning of the string. What you're really trying to do
> is to extract the substring from the beginning +1 character, to the end
> -2 characters, which is not how substring() works. But you *can* do
> something like:
> this.evt = Msg.substring(1,Msg.length - 2);
>
Aha I see. Thanks for the info. However, I tried the suggested this.evt
= Msg.substring(1,Msg.length - 2); but it reports: Cannot call method
"substring" of null. Remember that I have already testet and verified
that I do have a value in the Msg variable.
Here is the newest code. Please notice that I have outcommented the
desired "result" and is just trying to get something from at least the
part of the string that I want to parse.
Code:
this.msg = this.s_raw_message2;
var TempTxt = this.s_raw_message2.replace(/\t/g,"|");
var ValueArray = TempTxt.safesplit("|");
var SourceInfo = ValueArray[0];
this.evtCode = ValueArray[6];
this.sip = TempTxt.match(/\d+\.\d+\.\d+\.\d+/);
e.DeviceName = ValueArray[7];
//AppSpecificMessage = TempTxt.match(/(?:\().+(?:\))/);
var Msg = ValueArray[14].match(/(?:\|)[^\|]+(?:\()/);
this.evt = Msg.substring(1,Msg.length - 2);
//this.evt = Msg;
AppSpecificMessage = ValueArray[14].match(/(?:\().+(?:\))/);
if (ValueArray[10] == "Information")
this.sev = "0";
else if (ValueArray[10] == "Warning")
this.sev = "3";
else if (ValueArray[10] == "Error")
this.sev = "4"
else
this.sev = "1";
if(TempTxt.match(/(?:Login:\')\S+(?:')/) != false)
//var apptemp = AppSpecificMessage.substring(1,AppSpecificMessage. length - 1);
//var AppSpecificArray = apptemp.safesplit(";");
var AppSpecificArray = AppSpecificMessage.safesplit(";");
for(var c = 0; c<count(AppSpecificArray); c + 1)
var key = AppSpecificArray[c].split(/:/);
if (key[0] == "(Login")
if (key[1] == "''")
this.iuid = ValueArray[8];
else
this.iuid = key[1];
//this.iuid = key[1].substring(1,key[1].length - 1);
if (key[0] == " User Name")
if (key[1] == "''")
this.sun = "System";
else
this.sun = key[1];
//this.sun = key[1].substring(1,key[1].length - 1);
if (key[0] == " Agent Host")
if (key[1] == "'')")
this.shd = "Unknown Host Domain";
else
//var TempArr = key[1].substring(1,key[1].length - 1).safesplit(".");
var TempArr = key[1].plit(/\./);
TempArr.reverse();
TempArr.pop();
TempArr.reverse();
this.shd = TempArr.join(".");
if (key[0] == " Token")
if (key[1] != "''")
e.CustomerVar35 = key[1];
//e.CustomerVar35 = key[1].substring(1,key[1].length - 1);
else
this.shd = "Unknown Host Domain";
this.iuid = ValueArray[8];
this.sun = "System";
instance.SEND_EVENT = true;
return true;
kkrasmussen
kkrasmussen's Profile: http://forums.novell.com/member.php?userid=20966
View this thread: http://forums.novell.com/showthread.php?t=435715

RSA Secure ID ACE/Server and gateway IDM

Hi all,
we are trying to integrate and RSA server with IDM 6.0SP2.
I do not understand this phrase on resource references doc.
If SecurID is installed on Windows, the Identity Manager gateway must be running on
the same system where the RSA ACE/Server is installed.it means that the gateway from RSA server must run on the same server where is running RSA ?
Someone has integrated the appliance RSA installing on it the gateway ?
Thanks,
mazant

The port should be 9278. Enable the gateway trace and see if it is logging anything to the trace file.

Dot1x/ACS3.0/RSA ACE server 5.0

Hi,
I tried to configure dot1x (cat6500) with ACS 3.0 and RSA ACE server. In the first step when I configured static password in ACS everything was OK, but when I changed to the external user database I got an error: "Auth type not supported by External DB"
Does anyone know why?
Thanks,

The dot1x supplicant on the PC will use Extensible Authentication Protocol (EAP) authentication to send the username/password. This authentication method cannot be used with an external RSA database, RSA has to use PAP authentication which sends the password in the clear (which is OK because it's a one-time password).
See http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/o.htm#625794 for details on the external DB's and password protocols. Notice how all the one-time password databases can only use PAP.

Wireless WPA2 + AD + RSA ACE Server possible

I have a client that wants to use WPA2 authenticated to the Windows Active Directory and also has an RSA ACE Server. The goal os to provide 802.1x security with these 3 devices. I am NOT looking to USE the RSA tokens for this, only the underlying RSA RADIUS service to authenticate clients. Is this possible or do I also need a ACS server?
The alternative is to use Wireless WPA2 + AD + Windows IAS RADIUS.
Thanks for any comments,
Chris Serafin
Security Engineer
[email protected]

Hi Chris,
I don't think you can use the RSA's radius server without using tokens. If you are looking to authenticate to Active Directory then either use Wireless + IAS + AD or use Wireless + ACS + AD
There will be no need to bring the RSA into the solution.

Secure ID Ace Server

We are trying to configure SecurID ACE/Server for Windows (ACE Server version 6.0). We have followed the below steps.
<ol><li>Installed the Sun IdM Gateway on the NT where the ACE Accounts are being created </li>
<li>Copied the apidemon from the ACE/Server installation directory to c:\winnt\system32 </li>
<li>RSA ACE Agent Host added. </li>
</ol>
When we check for the Test Configuration we get connection Timed out error with port 9278.
And with the ports : 8098 java.io.EOFException: \n
With port 8198 java.net.SocketException: Connection reset\n
Please help us out with your ideas.
Thanks
Swarna

The port should be 9278. Enable the gateway trace and see if it is logging anything to the trace file.

SecureID / ACE Server different applications

Dear all
Is there a way to have more than one SecureId-Profile?
We have a client asking for for different profiles while using a RSA ACE Server a login authority for example:
PowerUsers: should have access to the full desktop and all applications
StandardUsers: should have Outlook only in a seamless window
Any ideas / help really appreciated....
Thank you
Support

Found the solution. Problem was the acecInt.dll in the System32 folder was mismatching with the one in the RSA install folder. I copied the dll from the RSA install folder to the System32 and it started to work fine.
The error i was getting was "Get file operation with no or unknown handle aborted".

JSP bug? url.openStream() = server redirected too many times

I tried something the other day that works in Java, so it should work as a JSP scriptlet, but I received an error message that others have posted elsewhere without a compete resolution. Specifically, given a URL, say u, one ought to be able to do u.openStream() and eventually read the remote page. Typically, one might want to try
URL u = new URL("http://someserver.com/path/file.xxx")
BufferedReader bfr = new BufferedReader(new InputStreamReader(u.openStream()))and then read bfr line-by-line. The problem that seems to be fairly common is that the openStream() call throws a ProtocolException claiming "server redirected too many times (20), ."
What I've seen is that this exception occurs whenever the URL is outside the Tomcat server whence the call is being made; in our case, we're running "out-of-the-box" Jakarta Tomcat 4.1.29 on port 8080 of a w2k server. The code works perfectly in native Java and in JSP for a URL of the form "/anotherpage.jsp"
Is this a bug in JSP, or in our version of Tomcat, or is there just some configuration parameter that needs to be changed from its default? As I said, I've seen similar posts (with less detailed analysis) in the Usenet newsgroups, but not one has generated a response that explains and resolves the matter.
Perhaps a JSP guru out there could set the record straight? Thanks.
P.S. I know that the use of scriptlets in JSP is being discouraged, but they are still supported AFAIK.

Sure scriptlets are still supported. Most times though you can do things better with a custom tag. Why reinvent the wheel?
Just as a suggestion, you might try the JSTL <c:import> tag.
It basically does just this behind the scenes.
However I don't think that will help you in the end - it will probably hit the same error message.
My guess would be that the problem is not caused by java/JSP as such, but by a firewall, or configuration somewhere.
The following works fine for me (ignoring broken images of course)
<%@ page import="java.net.*, java.io.*" %>
<%
URL u = new URL("http://www.google.com");
BufferedReader bfr = new BufferedReader(new InputStreamReader(u.openStream()));
String line = null;
while ((line = bfr.readLine()) != null){
out.println(line);
%>Hope this helps,
evnafets

I keep getting error that page isnt redircting properly..server redirecting in a way that will never be completed..always says cookies are disabled...diid what was suggested in your articles but this did not helpchangeiiiererl

i play games on facebook: cityville, frontierville...when you try to help others with missions. you click on things they need which then directs you to a page that registers what you sent in that specific game/or to open the game. There are times when I am redirected there / then there are times I am not. Here lately I am getting a white screen which says the page isn't redirecting properly, server redirecting in a way that will never be completed...it also says this problem can sometime be caused by disabling or refusing to accept cookies..I went to the firefox site and did what was suggested by firefox when there may be a cookie problem with to no avail...please help

If clearing the cookies doesn't help then it is possible that the file cookies.sqlite that stores the cookies is corrupted.
Rename (or delete) cookies.sqlite (cookies.sqlite.old) and delete cookies.sqlite-journal and cookies.txt, if they exist, in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder] in case the file cookies.sqlite got corrupted.
* http://kb.mozillazine.org/Cookies#Removing_cookies

ACE/Server redirects

Similar Messages

Maybe you are looking for