3 Replies Latest reply on May 21, 2002 8:56 PM by jules

    security configuration

    g_andre

      I would like to use 2 separate https listeners (for security reasons): one for the server administration JSP, the other for an external interface.
      How can I map/disable a servlet/JSP to a specific port/jsselistener?

      Thanks.

        • 1. Re: security configuration

          If you are using JBoss3, I have heard reports of people running up 2 Jetty services within a single JBoss.

          Only one can be registered as the WAR deployer.

          You can statically configure the other via its ConfigurationElement to load your administration webapp.

          I haven't tried this, but it should be possible - if you have any problems, let me know and we can work through them.

          If you look on jetty.mortbay.org you should find what you need to get https going.

          If you're using Tomcat - you might be able to do a similar sort of thing - I'm not sure if the Catalina service still reads a server.xml....(or if Catalina has one!)


          Jules

          • 2. Re: security configuration
            g_andre

            I had no problem running 2 or more https listeners.

            I am now going to modify the Security Handler. I feel like being able to choose between CONFIDENTIAL, INTEGRAL or NONE (within the transport-guarantee element in web.xml) is not sufficient. I will add my own protocols, CONFIDENTIAL_8443 and CONFIDENTIAL_8444, allowing https only over port 8443 and 8444 respectively.

            In the long term it would probably be good to plan to add similar functionality in JBOSS/JETTY as an extra feature, as it would make it very easy to implement security constraints using jboss/jetty and a standard firewall. What is your view on this, Jules?



            • 3. Re: security configuration

              Not being a security guru - I'm not the right member of the Jetty team to field this (but probably the only one to read these fora regularly...)

              If it goes beyond the relevant spec, my suspicion is that the answer would be something like - "Jetty is made this flexible in order to facilitate exactly this sort of extension, however the Jetty core release is kept small and simple by just implementing the spec as efficiently as possible...." - otherwise :

              If you are interested in contributing this, check out jetty.mortbay.com and maybe kick off a thread on jetty-discuss@yahoogroups.com. If this is a common paradigm it might be useful to at least have a FAQ entry or maybe include something in the JettyExtra package available on SourceForge....

              Thanks for your interest,


              Jules
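
Added example, not part of the original thread and not Jetty or JBoss code: one way to express the port-qualified guarantee proposed in reply 2 (CONFIDENTIAL_8443, CONFIDENTIAL_8444) as a check on the connection a request arrived on. The class name PortGuarantee and its methods are hypothetical; the example assumes the port is read from the listener's local socket (for instance ServletRequest.getLocalPort()) rather than from the client-supplied Host header, and the sample requests are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: accepts NONE, INTEGRAL, CONFIDENTIAL or CONFIDENTIAL_<port>. */
public final class PortGuarantee {
    private static final Pattern SPEC =
        Pattern.compile("(NONE|INTEGRAL|CONFIDENTIAL)(?:_(\\d{1,5}))?");
    private final String level;  // NONE, INTEGRAL or CONFIDENTIAL
    private final int port;      // -1 means "any listener"

    private PortGuarantee(String level, int port) { this.level = level; this.port = port; }

    public static PortGuarantee parse(String spec) {
        Matcher m = SPEC.matcher(spec.trim());
        if (!m.matches()) throw new IllegalArgumentException("unknown guarantee: " + spec);
        int port = -1;
        if (m.group(2) != null) {
            // Assumption: a port suffix is only meaningful on CONFIDENTIAL, as in the proposal.
            if (!m.group(1).equals("CONFIDENTIAL"))
                throw new IllegalArgumentException("port suffix requires CONFIDENTIAL: " + spec);
            port = Integer.parseInt(m.group(2));
            if (port < 1 || port > 65535)
                throw new IllegalArgumentException("port out of range: " + spec);
        }
        return new PortGuarantee(m.group(1), port);
    }

    // secure: request arrived over TLS (e.g. ServletRequest.isSecure()).
    // localPort: port of the listener socket that accepted the connection.
    public boolean permits(boolean secure, int localPort) {
        if (level.equals("NONE")) return true;
        if (!secure) return false;               // INTEGRAL and CONFIDENTIAL both need TLS here
        return port == -1 || port == localPort;  // a pinned guarantee also needs the right listener
    }

    public static void main(String[] args) {
        Object[][] samples = {                   // constructed: {guarantee, secure, localPort}
            {"CONFIDENTIAL_8443", true, 8443},   // admin listener
            {"CONFIDENTIAL_8443", true, 8444},   // TLS, but the external listener
            {"CONFIDENTIAL_8443", false, 8080},  // plain http
            {"CONFIDENTIAL", true, 8444},        // standard guarantee, any TLS listener
        };
        for (Object[] s : samples) {
            boolean ok = parse((String) s[0]).permits((Boolean) s[1], (Integer) s[2]);
            System.out.println(s[0] + " secure=" + s[1] + " port=" + s[2] + " -> " + (ok ? "allow" : "deny"));
        }
    }
}
```

Unknown guarantee strings are rejected at parse time, so a typo in a constraint fails at deployment instead of silently leaving the administration pages reachable on the external listener.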