1 Reply Latest reply on Jul 21, 2010 2:28 PM by skidvd

    Problems with SSL redirection in JBoss 5.1.0.GA

    skidvd

      Hello,

       

      I'm using JBoss [The Oracle] 5.1.0.GA.  In previous releases I have successfully configured SSL and the associated port redirection without any problems.  However, in this environment, I am having unexpected problems.  Your help will be greatly appreciated....

       

       

      Here is what I have....

       

       

      from server.xml:


           <!-- A HTTP/1.1 Connector on port 7000 -->
            <Connector protocol="HTTP/1.1" port="7000" address="${jboss.bind.address}"
                     connectionTimeout="20000" redirectPort="7001" />

            <!-- Add this option to the connector to avoid problems with
                .NET clients that don't implement HTTP/1.1 correctly
               restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
            -->

            <!-- A AJP 1.3 Connector on port 8009 -->
            <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
               redirectPort="7001" />

       

            <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
            <Connector protocol="HTTP/1.1" SSLEnabled="true" enableLookups="true"
                 port="7001" address="${jboss.bind.address}"
                 scheme="https" secure="true" clientAuth="false"
                 keystoreFile="${jboss.home.dir}/certs/mysvr1.jks"
                 keystorePass="zzzzz" sslProtocol = "TLS"
                 truststoreFile="${jboss.home.dir}/certs/mysvr1Trust.jks"
                 truststorePass="zzzzz" />

       

      from my app's web.xml:

      <security-constraint>
              <web-resource-collection>
                  <web-resource-name>All restricted resources</web-resource-name>
                  <description>Protects all AppAdmin restricted resources</description>
                  <url-pattern>/pages/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
              </web-resource-collection>
              <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
      </security-constraint>

       

      Symptoms:

       

      http://myserver:7000/Myapp/login.xhtml (when I hit this URL, it produces downloadable result - as expected - this is not within the data-constraint resource-collection)

      http://myserver:7000/Myapp/pages/index.jsf  (when I hit this URL, I expect to be redirected to SSL port (inside data-constraint); but do NOT get redirected - i.e., URL stays http and port 700 - and results in Cannot find server or DNS error)

      https://myserver:7001/Myapp/pages/index.jsf (works as expected - this shows that SSL appears to be configured and working properly)

       

      Why is the redirect from a non-SSL URL to an SSL URL (when accessing a data-constraint resource) not happening?  Again, your help is greatly appreciated!

        • 1. Re: Problems with SSL redirection in JBoss 5.1.0.GA
          skidvd

          Thanks to Jean-Frederic's observation, I was able to investigate the response returned from the original non-SSL request.  In fact, the redirection was happening.  However, the request was being requested to a port different from that configured in my server.xml.  Upon further examination, I determined that the SBM was 'overriding' the ports configured in server.xml.  After some changes in bindings-jboss-beans.xml to add fixedPort properties for the affected services, all works as desired.
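
Added example (not part of the original thread, and not JBoss code): a small Python check for the diagnosis described in the reply. It compares the Location header of the redirect returned for a CONFIDENTIAL resource against the redirectPort and TLS connector port declared in server.xml. The sample response, its port 8443 and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples: connectors as in the question's server.xml, and a 302
# whose port 8443 is a placeholder for a port substituted at runtime.
SERVER_XML = """<Service name="jboss.web">
  <Connector protocol="HTTP/1.1" port="7000" redirectPort="7001" />
  <Connector protocol="HTTP/1.1" SSLEnabled="true" port="7001" scheme="https" secure="true" />
</Service>"""
RAW_RESPONSE = ("HTTP/1.1 302 Moved Temporarily\r\n"
                "Location: https://myserver:8443/Myapp/pages/index.jsf\r\n\r\n")


def connector_ports(server_xml):
    """Return (redirectPort values of non-TLS connectors, ports of TLS connectors)."""
    redirect, tls = set(), set()
    for c in ET.fromstring(server_xml).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() == "true":
            tls.add(int(c.get("port")))
        elif c.get("redirectPort"):
            redirect.add(int(c.get("redirectPort")))
    return redirect, tls


def redirect_target(raw_response):
    """Return (scheme, port) of the Location header, or None if not a redirect."""
    status, *headers = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    if not re.match(r"HTTP/\d\.\d 30[12378]\b", status):
        return None
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            url = urlsplit(value.strip())
            return url.scheme, url.port or {"http": 80, "https": 443}.get(url.scheme)
    return None


def check_redirect(server_xml, raw_response):
    """List mismatches between the observed redirect and server.xml."""
    redirect, tls = connector_ports(server_xml)
    target = redirect_target(raw_response)
    if target is None:
        return ["no redirect: request was not upgraded to TLS"]
    scheme, port = target
    problems = []
    if scheme != "https":
        problems.append(f"redirect uses scheme {scheme!r}, not https")
    if port not in redirect:
        problems.append(f"redirect port {port} != redirectPort {sorted(redirect)}")
    if port not in tls:
        problems.append(f"no TLS connector on port {port}")
    return problems
```

An empty list from check_redirect means the redirect lands on the TLS connector that server.xml declares; any entry points to something rewriting the port between configuration and runtime.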