3 Replies Latest reply on Feb 3, 2017 2:46 PM by jbossbhaskar

    Port redirection 80 to 433 is not working in Wildfly 10

    jbossbhaskar

      We are in the process of migrating from Wildfly 8.1 to Wildfly 10. We have an IIS7 front-end web server, and the SSL certificate is installed on IIS7. Wildfly 10 and IIS7 are linked with mod_jk. When I access http://servername/webapp, it should automatically redirect to https://servername/webapp if the webapp's web.xml has <transport-guarantee>CONFIDENTIAL</transport-guarantee>. This works perfectly with Wildfly 8.1, but the same setup does not work with Wildfly 10. The error I am getting is:


      2016-05-24 22:40:39,276 ERROR [io.undertow.request] (default task-3) UT005001: An exception occurred processing the request: java.lang.IllegalStateException: UT010053: No confidential port is available to redirect the current request.
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.getRedirectURI(ServletConfidentialityConstraintHandler.java:80)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:49)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

      Here is the standalone.xml:

      <subsystem xmlns="urn:jboss:domain:undertow:3.0">
          <buffer-cache name="default"/>
          <server name="default-server">
              <ajp-listener name="listen-ajp" socket-binding="ajp"/>
              <http-listener name="default" socket-binding="http" redirect-socket="https"/>
              ...........
              ...........

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
          <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
          <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
          <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
          <socket-binding name="http" port="${jboss.http.port:8080}"/>
          <socket-binding name="https" port="${jboss.https.port:443}"/>
          ..................
          ..................

        • 1. Re: Port redirection 80 to 433 is not working in Wildfly 10
          ctomc

          and where is your https-listener configured?

          • 2. Re: Port redirection 80 to 433 is not working in Wildfly 10
            jbossbhaskar

            We are already using Wildfly 8.1 in production. There I never configured an https-listener, and it works perfectly. Why do we need to configure one for Wildfly 10?

            Please don't get me wrong for asking the above question. The reason for asking is:

            We have IIS7 as the front-end server, and it handles the SSL part; that is why we have <socket-binding name="https" port="${jboss.https.port:443}"/>. What I am assuming is that whenever secure resources are requested over http, Wildfly has to redirect them to port 443, where IIS is running.

            Please clarify. I don't mind configuring an https-listener on Wildfly, but how will it be useful in processing secure resources which are redirected to 443?

            • 3. Re: Port redirection 80 to 433 is not working in Wildfly 10
              jbossbhaskar

              Here is the fix for this issue and the steps to follow on Wildfly 10.1.0.

              Step 1: set the scheme attribute in the ajp-listener to https, and set the redirect-socket attribute in the http-listener to any name (in my case it is https-ext).

              <subsystem xmlns="urn:jboss:domain:undertow:3.1">
                  <buffer-cache name="default"/>
                  <server name="default-server">
                      <ajp-listener name="listen-ajp" socket-binding="ajp" scheme="https"/>
                      <http-listener name="default" socket-binding="http" redirect-socket="https-ext" enable-http2="true"/>
                      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                      ......

              Step 2: add a socket-binding tag for the above redirect-socket, i.e. https-ext.

              <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
                  <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
                  <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
                  <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
                  <socket-binding name="http" port="${jboss.http.port:8080}"/>
                  <socket-binding name="https" port="${jboss.https.port:8443}"/>
                  <socket-binding name="https-ext" port="443"/>

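A configuration check for the two steps in the last reply, added here as an example and not part of the original thread: it reads a standalone.xml fragment and reports an ajp-listener without scheme="https" and an http-listener whose redirect-socket is undefined or does not point at the TLS port of the front end. The names `audit`, `default_port` and `external_tls_port` are hypothetical, the sample XML is constructed from the posted fix, and port-offset is assumed to be 0.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fixed configuration in the post;
# the outer <server> wrapper is added only to make one well-formed document.
SAMPLE = """<server>
 <subsystem xmlns="urn:jboss:domain:undertow:3.1">
  <server name="default-server">
   <ajp-listener name="listen-ajp" socket-binding="ajp" scheme="https"/>
   <http-listener name="default" socket-binding="http" redirect-socket="https-ext"/>
  </server>
 </subsystem>
 <socket-binding-group name="standard-sockets" default-interface="public">
  <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
  <socket-binding name="http" port="${jboss.http.port:8080}"/>
  <socket-binding name="https-ext" port="443"/>
 </socket-binding-group>
</server>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def default_port(value):
    """Return the port of '443' or the default of '${prop:8443}', else None."""
    m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}|(\d+)", value or "")
    return int(m.group(1) or m.group(2)) if m else None

def audit(xml_text, external_tls_port=443):
    """List findings for a front end that terminates TLS on external_tls_port."""
    root = ET.fromstring(xml_text)
    ports = {e.get("name"): default_port(e.get("port"))
             for e in root.iter() if local(e.tag) == "socket-binding"}
    findings = []
    for e in root.iter():
        kind, name = local(e.tag), e.get("name")
        if kind == "ajp-listener" and e.get("scheme") != "https":
            findings.append(f"ajp-listener {name}: scheme is not https")
        if kind == "http-listener":
            target = e.get("redirect-socket")
            if target not in ports:
                findings.append(f"http-listener {name}: redirect-socket "
                                f"{target!r} has no socket-binding")
            elif ports[target] != external_tls_port:
                findings.append(f"http-listener {name}: redirects to port "
                                f"{ports[target]}, not {external_tls_port}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```
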