No https for jasper server

[SETTURGOPI]

Hi team,

we enabled SSL on the tomcat 8 server and try access the http://176.432.217.23:7008/manager will automatically redirect to https.

but when we acess the http://176.432.217.23:7008/app, it is not redirecting to the https. any Suggestion sare appreciated.

30-Aug-2018 14:23:57.731 INFO [http-nio-7080-exec-1] org.apache.coyote.http11.AbstractHttp11Processor.process  Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:236) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1069) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)[/code]

[hozawa]

Have you check ed the security guide on how to enable ssl on tomcat?

https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v71/enabling-ssl-tomcat

[SETTURGOPI]

Yes we fixed this issue. The setting does exist. we need to uncomment

 

<mime-mapping>
    <extension>png</extension>
    <mime-type>image/png</mime-type>
  </mime-mapping>
==========  add these below=========================
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>JasperServerWebApp</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <user-data-constraint>
                        <!--  SSL disabled -->
                        <transport-guarantee>NONE</transport-guarantee>
                        <!--  SSL enabled -->
                        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
=============================================================
<!--
        This constraint disables the listed HTTP methods, which are not used by JS
        <security-constraint>
                <web-resource-collection>