5 Replies Latest reply on Jan 3, 2004 4:59 PM by jonlee

    forwarding or redirecting HTTP to HTTPS

    maximuszen

      I've been able to set up HTTPS by unremarking the section on HTTPS connections at server/default/deploy/jbossweb-jetty.sar/META-INF/jboss-service.xml. I've set up the keystore as described in http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html.

      How do I do the rerouting? The other messages on the forum haven't been helpful.

        • 1. Re: forwarding or redirecting HTTP to HTTPS
          jonlee

          This is not exactly a JBoss/EJB question so it finds little response here. Protection of the resource would be better covered in a Servlet/JSP forum or tutorial rather than the JBoss forums.

          However, you need to ensure that the HTTP connector is configured to perform the redirect for a protected resource. This would be achieved by defining that for Tomcat by adding the fragment in the Tomcat jboss-service.xml:

          redirectPort="7443"

          You would then need to define the protection as per security constraints in the web.xml for your web application:
          <security-constraint>
            <web-resource-collection>
              <web-resource-name>Logins</web-resource-name>
              <url-pattern>/Login</url-pattern>
              <url-pattern>/login.jsp</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
            </web-resource-collection>
            <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
          </security-constraint>

          A tutorial on security constraints would better explain this but essentially, any references to /Login or /login.jsp within the context of the web application will be forced to the redirect port specified in the Tomcat HTTP connector definition.

          Sorry for the poor formatting - the new forum software seems a little defective in a few places such as formatting, searches, member profile views and posts tracking.

          Hope this information helps.

          • 2. Re: forwarding or redirecting HTTP to HTTPS
            maximuszen

            I'm not sure where to put the redirectPort="8443"

            Shouldn't I put 8443?

            • 3. Re: forwarding or redirecting HTTP to HTTPS
              maximuszen

              The formatting seems to be off, I meant

              8443

              • 4. Re: forwarding or redirecting HTTP to HTTPS
                maximuszen

                Yes... you have to set the redirection as I wrote above. Also, I made the url pattern /*.
                The javadoc at www.mortbay.org clued me in to the XML tag. Thanks, Jon.

                • 5. Re: forwarding or redirecting HTTP to HTTPS
                  jonlee

                  Glad you got it sorted. Just to clarify on your previous question on the redirect entry and its location (in case others didn't quite follow what went on):

                  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                   address="" port="8080" minProcessors="5" maxProcessors="100" redirectPort="8443"
                   enableLookups="true" acceptCount="10" debug="0"
                   connectionTimeout="20000" useURIValidationHack="false"/>

                  This is added to the Tomcat HTTP Connector definition in jboss-service.xml.

                  For Jetty, the jboss-service.xml entry for the HTTP listener would look like this:
                  <Call name="addListener">
                    <Arg>
                      <New class="org.mortbay.http.SocketChannelListener">
                        <Set name="Port"><SystemProperty name="jetty.port" default="8080"/></Set>
                        <Set name="MinThreads">5</Set>
                        <Set name="MaxThreads">100</Set>
                        <Set name="MaxIdleTimeMs">30000</Set>
                        <Set name="LowResourcePersistTimeMs">5000</Set>
                        <Set name="confidentialPort">8443</Set>
                      </New>
                    </Arg>
                  </Call>

                  Note that Jetty uses confidentialPort instead.
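
Added example, not part of the thread and not JBoss, Tomcat or Jetty code: a small Python audit of the web.xml constraint from reply 1 that reports which path and method combinations the container would still serve over plain HTTP. It relies on the Servlet rule that a web-resource-collection listing http-method elements covers only those methods. Assumptions: a web.xml without an XML namespace, the spec's rules for combining several constraints are ignored, and the names WEB_XML, pattern_matches, requires_https and uncovered are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from reply 1 wrapped in a minimal <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Logins</web-resource-name>
      <url-pattern>/Login</url-pattern>
      <url-pattern>/login.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def pattern_matches(pattern, path):
    """Servlet url-pattern matching: '/prefix/*' (incl. '/*'), '*.ext', else exact."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def requires_https(web_xml, path, method):
    """True if a constraint with a CONFIDENTIAL guarantee covers this path and method."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE")
        if guarantee.strip() != "CONFIDENTIAL":
            continue
        for coll in sc.iter("web-resource-collection"):
            patterns = [(p.text or "").strip() for p in coll.findall("url-pattern")]
            methods = {(m.text or "").strip() for m in coll.findall("http-method")}
            # No <http-method> elements means the constraint covers every method.
            if methods and method not in methods:
                continue
            if any(pattern_matches(p, path) for p in patterns):
                return True
    return False


def uncovered(web_xml, paths, methods=("GET", "POST", "HEAD", "PUT", "DELETE")):
    """(path, method) pairs that are not forced to the redirect/confidential port."""
    return [(p, m) for p in paths for m in methods if not requires_https(web_xml, p, m)]
```

Run against the constraint as posted, `uncovered(WEB_XML, ["/login.jsp"])` lists HEAD, PUT and DELETE; dropping the two http-method elements and using the /* pattern from reply 4 leaves nothing uncovered.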