10 Replies Latest reply on Apr 7, 2017 6:59 AM by amit4497

    Redirect HTTP to HTTPS in JBoss AS 7.1.1

    cristianmiranda

      Hi,

       

           I have a web application hosted in JBoss AS 7.1.1. I want to redirect every HTTP access to HTTPS.

           I've read the documentation and did the following:

       

           1. Generated SSL certificate (file named chap8.keystroke)

           2. Added connectors in standalone.xml (Note: I have 8888 for HTTP and 8443 for HTTPS in my socket binding)

       

      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/> 
            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
            <ssl name="ssl"
                 key-alias="chapter8"
                 password="rmi+ssl"
                 certificate-key-file="../standalone/configuration/chap8.keystore"
                 protocol="TLSv1"
                 verify-client="false"/>
      </connector>
      
      

       

           3. Added security constraint in web.xml

       

          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>SECURE</web-resource-name>
                  <url-pattern>/*</url-pattern>
              </web-resource-collection>
              <user-data-constraint>
                  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
          </security-constraint>
      
      

       

           In spite of all the configuration, when I access my application through HTTP port (http://localhost:8888/App.html) it is not redirected to HTTPS. On the other hand, if I access through HTTPS it works. So SSL is enabled, the only problem is the redirect from HTTP to HTTPS.

       

      These are the things I've tried:

       

          Am I missing something in the configuration? Any ideas?

       

      Thanks

        • 1. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
          cristianmiranda

          Any ideas? Please.

          • 2. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
            nevenc

            Christian,

             

            Your configuration in standalone.xml file looks ok. Your web.xml configuration looks ok.

             

            However, it seems the information in you web.xml is not read properly or at all. Elements user-data-constraint and transport-guarantee with value "CONFIDENTIAL" makes the requirement for the requests (matching this web-resource) to go over the secure port.

             

            I would try intentionally making a typo in your web.xml to see if the web.xml is parsed at all, something that would fail.

             

            Or even better, try to adding security role and login to your web.xml, so you enable the security (all this to make sure the information in web.xml is read by the container)...

             

            Also, you checked that app works when going directly to:

            http://localhost:8888/App.html and http://localhost:8443/App.html

             

            (notice this is a URL for a default application - defined in welcome-content)

             

            How is your application deployed? How did you make your application in default context? Are you sure you are uploading the web.xml for the default application?

             

            Maybe the context-root for your application is not properly setup, try checking these:

            http://localhost:8888/yourapp/App.html

            https://localhost:8443/yourapp/App.html

             

            Good luck!

            • 3. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
              magick93

              Hi

               

              I am also trying to do this.

               

              In my case, we the web.xml is included in the application.

               

              We are trying to ensure that all users use https, and that http will redirect to https.

               

              Is this done in the web.xml? Or standalone?

              • 4. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                cristianmiranda

                Hi Neven,

                 

                Thanks for replying.

                 

                I've tried adding a typo in web.xml and it is the same, application is building successfully and I can access by the default context.

                I've modified the welcome-root in my standalone.xml for this (app context was in conflict with the default app)

                 

                <virtual-server name="default-host" enable-welcome-root="false">

                                <alias name="localhost"/>

                                <alias name="example.com"/>

                </virtual-server>

                 

                I've also tried with http://127.0.0.1:8888/app-ui/App.html but it does not work either.

                 

                I've changed application context by addding this in my jboss-web.xml

                 

                <jboss-web>

                  <context-root>/</context-root>

                    <security-domain>jboss-web-policy</security-domain>

                    <valve>

                        <class-name>org.jboss.web.rewrite.RewriteValve</class-name>

                    </valve>

                </jboss-web>

                 

                Any ideas?

                 

                Thanks,

                • 5. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                  cristianmiranda

                  So, is there a chance that the web.xml is being ignored by the container?

                   

                  Is it possible to add security-constraints to redirectr HTTP to HTTPS in jboss-web.xml?

                   

                  Thanks!

                  • 6. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                    nevenc

                    That's exactly your problem Cristian - your web.xml is not being parsed by the container.

                     

                    Can you make that web.xml a not well-formed XML? e.g. just add < at the end of web.xml file.

                     

                    If you application still deploys successfully, your web.xml is not read properly.

                     

                    The most common problem is misplacing web.xml.

                     

                    Can you give us a snapshot of your application files, e.g.

                     

                    • MyApp.war
                      • WEB-INF/web.xml
                      • WEB-INF/jboss-web.xml
                      • WEB-INF/jboss-deployment-structure.xml
                      • index.jsp
                      • css/style.css
                      • ...

                    Your web.xml needs to be in WEB-INF/ folder, together with your jboss-web.xml.

                    • 7. Re: Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                      nevenc

                      Anton,

                       

                       

                      There are few ways to do it:

                      • Use apache and <VirtualHost> for http and https (see below an example apache conf)
                      • Enforce https at the application level in the web.xml (using Cristian's method above)

                       

                       

                      Simple apache conf:

                       

                      <VirtualHost *:80>
                         ServerName your.server.com
                          ...
                          # Force https.
                          RewriteEngine on
                          ReWriteCond %{SERVER_PORT} !^443$
                          RewriteRule ^/(.*) https://your.server.com/$1 [NC,R,L]
                      </VirtualHost>
                      
                      <VirtualHost *:443>
                         ServerName your.server.com
                          ...
                      </VirtualHost>
                      
                      • 8. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                        cristianmiranda

                        Thanks Neven. I was using jboss7 profile for maven compilation and didn't realised that I was using the wrong web.xml

                         

                        Thank you

                        • 9. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                          nevenc

                          You're welcome!

                           

                          It is a very common problem. I usually test things using that "intentional typo" trick to confirm the file is actually being processed by the container.

                           

                          It saved me so many times

                           

                          Good luck!

                          • 10. Re: Redirect HTTP to HTTPS in JBoss AS 7.1.1
                            amit4497

                            Is it possible to redirect HTTP to HTTPS without updating the web.xml file ?

                            If YES, how to do it at JBoss level.