-
1. Re: Redirecting HTTP to HTTPS for wildfly12
pferraro May 30, 2018 10:16 AM (in response to cora.kwok)You shouldn't have to muck with the server configuration - the defaults already contain an HTTPS listener. Just add a <security-constraint/> containing <transport-guarantee>CONFIDENTIAL</transport-guarantee> to your web.xml. See:
Specifying Security Constraints (The Java EE 6 Tutorial, Volume I)
-
2. Re: Redirecting HTTP to HTTPS for wildfly12
cora.kwok May 31, 2018 10:44 PM (in response to pferraro)Thanks for your reply.
web.xml is configured as yours.
when I enter
http://www.example.com:8443/abc/ABC_001.action
IE would redirect correctly
https://www.example.com:8443/abc/ABC_001.action
Firefox or Chrome redirects failed
https://www.example.com:8443/abc
since no such page, error 404 as a resul.
-
3. Re: Redirecting HTTP to HTTPS for wildfly12
pferraro Jun 2, 2018 7:11 AM (in response to cora.kwok)Please paste your security-constraints from web.xml.
-
4. Re: Redirecting HTTP to HTTPS for wildfly12
cora.kwok Jun 11, 2018 11:51 PM (in response to cora.kwok)<security-constraint>
<web-resource-collection>
<web-resource-name>SECURE</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
-
5. Re: Redirecting HTTP to HTTPS for wildfly12
cora.kwok Jun 12, 2018 12:11 AM (in response to cora.kwok)The main reasons were found.
In my system,
http://www.example.com:8443/example/abc/ABC_001.action
1. store the system name ="/abc/ABC_001.action"
2. and redirect to a page to do the browser checking. https://www.example.com:8443/example/BrowserChecking_001.action
3. After passing the browser checking, the system would redirect to /abc/ABC_001.action
However, chrome and firefox would create a new session once redirect from http to https.
Therefore, it could not find the session variable "system name" and redirect to null
http://www.example.com:8443/abc/ABC_001.actiontherefore redirect to http://www.example.com:8443/example/