Securing Web Application and SSL
marcusdidiusfalco Apr 18, 2014 12:49 PM
Hello,
I am trying to secure a web application and implement https:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.jsf</welcome-file>
    </welcome-file-list>
    <context-param>
        <param-name>facelets.SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
        <param-value>true</param-value>
    </context-param>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Organisator</web-resource-name>
            <url-pattern>/organisator/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Organisator</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-role>
        <role-name>Organisator</role-name>
    </security-role>
    <login-config>
        <auth-method>BASIC</auth-method>
        <!--
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/loginError.jsf</form-error-page>
        </form-login-config>
        -->
        <realm-name>my-aktion</realm-name>
    </login-config>
</web-app>
The basic login works. After that I have tried to implement https:
<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enabled="true">
        <ssl key-alias="my-aktion" password="changeit" certificate-key-file="../standalone/configuration/my-akktion.keystore"/>
    </connector>
</subsystem>
works.
But when I try to access my web app under the address
https://localhost:8080/my-aktion
(the application has worked without https)
I get redirected to
https://localhost/my-aktion/organisator/aktionList.jsf
to which the browser cannot connect.
Also, when I try to add the port:
https://localhost:8443/my-aktion/organisator/aktionList.jsf
I am again redirected to the wrong address.
I would be very grateful for any suggestions.
Thanks,
Hans
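
An added example, not part of the original post: it computes the redirect that a plain-HTTP request to a CONFIDENTIAL resource would be expected to receive, assuming Tomcat-style handling in which the container redirects to `https` on the connector's `redirect-port`. The XML strings are constructed excerpts mirroring the configuration in the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Constructed excerpts that mirror the web.xml and the http connector from the post.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Organisator</web-resource-name>
      <url-pattern>/organisator/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
HTTP_CONNECTOR = '<connector name="http" scheme="http" socket-binding="http" redirect-port="8443"/>'

def confidential_patterns(web_xml):
    """Return the url-patterns whose constraint demands CONFIDENTIAL transport."""
    patterns = []
    for sc in ET.fromstring(web_xml).findall("ee:security-constraint", NS):
        tg = sc.findtext("ee:user-data-constraint/ee:transport-guarantee", "", NS)
        if tg.strip() == "CONFIDENTIAL":
            patterns += [p.text.strip() for p in sc.findall(".//ee:url-pattern", NS)]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern matching: exact, path prefix (/x/*) or extension (*.x)."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def expected_redirect(url, context, web_xml=WEB_XML, connector=HTTP_CONNECTOR):
    """URL a plain-HTTP request should be redirected to, or None if no redirect applies."""
    parts = urlsplit(url)
    if parts.scheme == "https" or not parts.path.startswith(context + "/"):
        return None
    path = parts.path[len(context):]  # url-patterns are relative to the context root
    if not any(matches(p, path) for p in confidential_patterns(web_xml)):
        return None
    port = int(ET.fromstring(connector).get("redirect-port"))
    host = parts.hostname + ("" if port == 443 else f":{port}")  # 443 is implied by https
    return f"https://{host}{parts.path}" + (f"?{parts.query}" if parts.query else "")
```

Comparing the returned URL with the `Location` header the server actually sends shows whether the redirect target comes from the connector's `redirect-port` or from somewhere else in the configuration.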