4 Replies Latest reply on Nov 14, 2013 11:57 AM by jfuerth

    Redirect to https / refuse non secure requests

    magick93

      Hi

      We are getting more security conscious with our Errai app, and would like to find out how to redirect to the https page, and also not allow non ssl connections.

      Can anyone advise on this?

      BTW: We are using Apache Shiro.

        • 1. Re: Redirect to https / refuse non secure requests
          jfuerth

          Hi Anton,

           

          You can do this in an Errai app just as you would in any servlet app: set up a security constraint in your web.xml:

           

          <security-constraint>
            <web-resource-collection>
              <web-resource-name>all</web-resource-name>
              <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
          </security-constraint>
          

           

          Configuring your web server to support SSL and telling it which mechanism to use for redirecting from the insecure port to the secure port is app server specific. Check your server's reference guide for that info.

           

          -Jonathan
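
An added example, not part of the reply above or of the Errai project: a Python check that a web.xml really carries the constraint shown in the reply, run here on constructed inputs. The function and variable names are assumptions of this example; it also flags a collection narrowed by http-method or http-method-omission, which leaves some HTTP methods outside the constraint.

```python
import xml.etree.ElementTree as ET

# Constructed input: the constraint from the reply above inside a minimal <web-app>.
REPLY_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Constructed weak variants, for comparison.
GET_ONLY_WEB_XML = REPLY_WEB_XML.replace(
    "</url-pattern>", "</url-pattern>\n      <http-method>GET</http-method>")
NO_GUARANTEE_WEB_XML = REPLY_WEB_XML.replace("CONFIDENTIAL", "NONE")


def _local(elem):
    """Tag name without the XML namespace a real web.xml usually declares."""
    return elem.tag.rsplit("}", 1)[-1]


def _texts(parent, name):
    """Stripped text of every descendant element called `name`."""
    return [e.text.strip() for e in parent.iter() if _local(e) == name and e.text]


def audit_transport(web_xml_text):
    """Return findings; an empty list means /* requires TLS for every method."""
    findings, covered = [], False
    root = ET.fromstring(web_xml_text)
    for sc in (e for e in root.iter() if _local(e) == "security-constraint"):
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0]
        for wrc in (e for e in sc if _local(e) == "web-resource-collection"):
            patterns = _texts(wrc, "url-pattern")
            # http-method narrows the constraint to the listed methods;
            # http-method-omission exempts the listed methods from it.
            methods = _texts(wrc, "http-method") + _texts(wrc, "http-method-omission")
            if guarantee != "CONFIDENTIAL":
                findings.append(f"{patterns}: transport-guarantee is {guarantee}")
            elif methods:
                findings.append(f"{patterns}: constraint is limited by method list {methods}")
            elif "/*" in patterns:
                covered = True
    if not covered:
        findings.append("no CONFIDENTIAL constraint covers /* for all HTTP methods")
    return findings
```

Calling audit_transport on the text of a deployed web.xml returns an empty list only when a CONFIDENTIAL constraint covers /* without any method restriction.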

          • 2. Re: Redirect to https / refuse non secure requests
            magick93

            Thank you Jonathan.

             

            That is very helpful.

            • 3. Re: Redirect to https / refuse non secure requests
              magick93

              Configuring your web server to support SSL and telling it which mechanism to use for redirecting from the insecure port to the secure port is app server specific. Check your server's reference guide for that info.

              We are using JBoss AS 7.2. Do you know how we do this for this wonderful app server?

              • 4. Re: Redirect to https / refuse non secure requests
                jfuerth

                Honestly I don't know that off the top of my head. But I would be shocked if it wasn't covered in the reference guide.

                 

                -Jonathan