Enabling SSL in jboss 3.2.2
k.g Aug 4, 2005 2:26 AMHi,
I am not able to enable SSL in JBoss to work properly
I am running Jboss 3.2.2 on port 80 and I have an application.ear (myportal.ear) running on it. We can access the application simply by typing "http://address/myportal"
Now I wanted to enable ssl while accesing this ear ,so I changed the jboss-service.xml and web.xml and created a keystore file.
Now when i call a page like this
"https://address:8443/myportal" - it works
but it also works for an address like this
"http://adress/myportal"
But I want to restrict this access. (Without https one should not be able to open the above page)
I am not sure whether i missed out something in configurations.
Any suggestions would be of enormous help
Below follows some relevant sections from my jboss-service.xml and web.xml
======= jboss-service.xml ============== <!-- A HTTP/1.1 Connector on port 80 --> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" address="${jboss.bind.address}" port="80" minProcessors="5" maxProcessors="100" enableLookups="true" acceptCount="10" debug="0" connectionTimeout="20000" useURIValidationHack="false"/> <!-- SSL/TLS Connector configuration using the SSL domain keystore--> <Connector className = "org.apache.coyote.tomcat4.CoyoteConnector" address="${jboss.bind.address}" port = "8443" scheme = "https" secure = "true"> <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory" keystoreFile="${jboss.server.home.dir}/conf/mykey.keystore" keystorePass="secret" protocol = "TLS"/> =============== web.xml ===================== <security-constraint> <display-name>Security for Julius PDS</display-name> <web-resource-collection> <web-resource-name>Julius web Security</web-resource-name> <description>Redirect all to SSL</description> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <description>Protection should be CONFIDENTIAL</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Thanks in advance