HTTPS on WildFly 8.2
tollrakesh Apr 20, 2015 4:28 PMHi,
I have my application running on WildFly 8.2 and is supposed to be fully on HTTPS.
To do this, on web.xml, I have
<security-constraint>
<web-resource-collection>
<web-resource-name>App</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
And then, on standalone.xml I have,
<server name="default-server">
<http-listener name="http-default" socket-binding="http"/>
<https-listener name="https-default" socket-binding="https" security-realm="SSLRealm"/>
<host name="http-default" alias="localhost" default-web-module="sp.war">
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
<host name="https-default" alias="sponline.tdata.com" default-web-module="sp.war">
</host>
</server>
and
<security-realm name="SSLRealm">
<server-identities>
<ssl>
<keystore path="sponline_keystore.jks" relative-to="jboss.server.config.dir" keystore-password="sponline2015" alias="sponline" key-password="GxXxXXxX"/>
</ssl>
</server-identities>
</security-realm>
Now, the server is bound to 2 domain names - HQDATADEV.TDATA.COM and SPONLINE.TDATA.COM. This setup is mandated by our internal policy.
Now, the problem is that the application is configured to have SSL on SPONLINE.TDATA.COM ONLY. But when I launch http://SPONLINE.TDATA.COM it automatically redirects me to HTTPS://HQDATADEV.TDATA.COM.
Can someone explain me this behavior? And possibly a fix for this?