2 Replies Latest reply on Jun 27, 2016 11:37 AM by jaybarts

    Disabling http in Wildfly 10?

    jaybarts

      Hi All,

       

      I seem to be having an issue with disabling http in my WildFly 10 standalone instance.  Currently I can connect to my server via http and https just fine, but I want to disable http outright.  My approach was to remove the http listener outright and this results in the server starting up with no errors and it does block traffic using http.  The only problem is that the server says it started up fine in the output log, but the server remains in a "starting" status when starting in Eclipse.  Then the server stops by itself stating that the 450 second startup timeout has been reached.

       

      I then tried to go the http redirect to https route, but when I placed the following in my web.xml as recommended, nothing happened:

       

       

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

       

       

       

      What is the correct approach for disabling http?

       

       

      Environment:

      WildFly 10.0

      JDK 1.8

      Win 10

      Eclipse Mars2

       

       

       

      Thanks,

      -jay

        • 1. Re: Disabling http in Wildfly 10?
          lafr

          The http-listener is referenced in standalone config, for instance in the messaging / activemq module as

           

                      <http-acceptor name="http-acceptor" http-listener="default"/>
                      <http-acceptor name="http-acceptor-throughput" http-listener="default">

           

          You have to update those references to https or name your default

          <https-listener name="default" security-realm="ApplicationRealm" socket-binding="https"/>

          • 2. Re: Disabling http in Wildfly 10?
            jaybarts

            Hi Frank,

             

            Thank you for your reply.  I looked for the messaging/activemq module references but I could not find them in my standalone.xml.  I ended up renaming the https listener to default but I still run into the same issue.  I've pasted my standalone.xml for reference:

             

            <?xml version="1.0" ?>

             

             

            <server xmlns="urn:jboss:domain:4.0">

                <extensions>

                    <extension module="org.jboss.as.clustering.infinispan"/>

                    <extension module="org.jboss.as.connector"/>

                    <extension module="org.jboss.as.deployment-scanner"/>

                    <extension module="org.jboss.as.ee"/>

                    <extension module="org.jboss.as.ejb3"/>

                    <extension module="org.jboss.as.jaxrs"/>

                    <extension module="org.jboss.as.jdr"/>

                    <extension module="org.jboss.as.jmx"/>

                    <extension module="org.jboss.as.jpa"/>

                    <extension module="org.jboss.as.jsf"/>

                    <extension module="org.jboss.as.logging"/>

                    <extension module="org.jboss.as.mail"/>

                    <extension module="org.jboss.as.naming"/>

                    <extension module="org.jboss.as.pojo"/>

                    <extension module="org.jboss.as.remoting"/>

                    <extension module="org.jboss.as.sar"/>

                    <extension module="org.jboss.as.security"/>

                    <extension module="org.jboss.as.transactions"/>

                    <extension module="org.jboss.as.webservices"/>

                    <extension module="org.jboss.as.weld"/>

                    <extension module="org.wildfly.extension.batch.jberet"/>

                    <extension module="org.wildfly.extension.bean-validation"/>

                    <extension module="org.wildfly.extension.io"/>

                    <extension module="org.wildfly.extension.request-controller"/>

                    <extension module="org.wildfly.extension.security.manager"/>

                    <extension module="org.wildfly.extension.undertow"/>

                </extensions>

               

                <management>

                    <security-realms>

                        <security-realm name="ManagementRealm">

                           <server-identities>

                                <ssl protocol="TLS">

                                    <keystore path="C:/certs/test.jks" keystore-password="test" alias="test"/>

                                </ssl>

                            </server-identities>

                            <authentication>

                                <local default-user="$local" skip-group-loading="true"/>

                                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>

                            </authentication>

                            <authorization map-groups-to-roles="false">

                                <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>

                            </authorization>

                        </security-realm>

                        <security-realm name="ApplicationRealm">

                            <authentication>

                                <local default-user="$local" allowed-users="*" skip-group-loading="true"/>

                                <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>

                            </authentication>

                            <authorization>

                                <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>

                            </authorization>

                              <server-identities>

                                <ssl protocol="TLS">

                                    <keystore path="C:/certs/test.jks" keystore-password="test" alias="test"/>

                                </ssl>

                            </server-identities>

                        </security-realm>

                    </security-realms>

                    <audit-log>

                        <formatters>

                            <json-formatter name="json-formatter"/>

                        </formatters>

                        <handlers>

                            <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>

                        </handlers>

                        <logger log-boot="true" log-read-only="false" enabled="false">

                            <handlers>

                                <handler name="file"/>

                            </handlers>

                        </logger>

                    </audit-log>

                    <management-interfaces>

                        <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">

                            <socket-binding http="management-http"/>

                        </http-interface>

                    </management-interfaces>

                    <access-control provider="simple">

                        <role-mapping>

                            <role name="SuperUser">

                                <include>

                                    <user name="$local"/>

                                </include>

                            </role>

                        </role-mapping>

                    </access-control>

                </management>

                <profile>

                    <subsystem xmlns="urn:jboss:domain:logging:3.0">

                        <console-handler name="CONSOLE">

                            <level name="INFO"/>

                            <formatter>

                                <named-formatter name="COLOR-PATTERN"/>

                            </formatter>

                        </console-handler>

                        <periodic-rotating-file-handler name="FILE" autoflush="true">

                            <formatter>

                                <named-formatter name="PATTERN"/>

                            </formatter>

                            <file relative-to="jboss.server.log.dir" path="server.log"/>

                            <suffix value=".yyyy-MM-dd"/>

                            <append value="true"/>

                        </periodic-rotating-file-handler>

                        <logger category="com.arjuna">

                            <level name="WARN"/>

                        </logger>

                        <logger category="org.jboss.as.config">

                            <level name="DEBUG"/>

                        </logger>

                        <logger category="sun.rmi">

                            <level name="WARN"/>

                        </logger>

                        <root-logger>

                            <level name="INFO"/>

                            <handlers>

                                <handler name="CONSOLE"/>

                                <handler name="FILE"/>

                            </handlers>

                        </root-logger>

                        <formatter name="PATTERN">

                            <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>

                        </formatter>

                        <formatter name="COLOR-PATTERN">

                            <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>

                        </formatter>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:batch-jberet:1.0">

                        <default-job-repository name="in-memory"/>

                        <default-thread-pool name="batch"/>

                        <job-repository name="in-memory">

                            <in-memory/>

                        </job-repository>

                        <thread-pool name="batch">

                            <max-threads count="10"/>

                            <keepalive-time time="30" unit="seconds"/>

                        </thread-pool>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:datasources:4.0">

                        <datasources>

                            <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">

                                <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>

                                <driver>h2</driver>

                                <security>

                                    <user-name>sa</user-name>

                                    <password>sa</password>

                                </security>

                            </datasource>

                            <drivers>

                                <driver name="h2" module="com.h2database.h2">

                                    <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>

                                </driver>

                            </drivers>

                        </datasources>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">

                        <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:ee:4.0">

                        <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>

                        <concurrent>

                            <context-services>

                                <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>

                            </context-services>

                            <managed-thread-factories>

                                <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>

                            </managed-thread-factories>

                            <managed-executor-services>

                                <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>

                            </managed-executor-services>

                            <managed-scheduled-executor-services>

                                <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>

                            </managed-scheduled-executor-services>

                        </concurrent>

                        <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:ejb3:4.0">

                        <session-bean>

                            <stateless>

                                <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>

                            </stateless>

                            <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>

                            <singleton default-access-timeout="5000"/>

                        </session-bean>

                        <pools>

                            <bean-instance-pools>

                                <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->

                                <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>

                                <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>

                            </bean-instance-pools>

                        </pools>

                        <caches>

                            <cache name="simple"/>

                            <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>

                        </caches>

                        <passivation-stores>

                            <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>

                        </passivation-stores>

                        <async thread-pool-name="default"/>

                        <timer-service thread-pool-name="default" default-data-store="default-file-store">

                            <data-stores>

                                <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>

                            </data-stores>

                        </timer-service>

                        <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>

                        <thread-pools>

                            <thread-pool name="default">

                                <max-threads count="10"/>

                                <keepalive-time time="100" unit="milliseconds"/>

                            </thread-pool>

                        </thread-pools>

                        <default-security-domain value="other"/>

                        <default-missing-method-permissions-deny-access value="true"/>

                        <log-system-exceptions value="true"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:io:1.1">

                        <worker name="default"/>

                        <buffer-pool name="default"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:infinispan:4.0">

                        <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">

                            <local-cache name="default">

                                <transaction mode="BATCH"/>

                            </local-cache>

                        </cache-container>

                        <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">

                            <local-cache name="passivation">

                                <locking isolation="REPEATABLE_READ"/>

                                <transaction mode="BATCH"/>

                                <file-store passivation="true" purge="false"/>

                            </local-cache>

                            <local-cache name="persistent">

                                <locking isolation="REPEATABLE_READ"/>

                                <transaction mode="BATCH"/>

                                <file-store passivation="false" purge="false"/>

                            </local-cache>

                        </cache-container>

                        <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">

                            <local-cache name="passivation">

                                <locking isolation="REPEATABLE_READ"/>

                                <transaction mode="BATCH"/>

                                <file-store passivation="true" purge="false"/>

                            </local-cache>

                            <local-cache name="persistent">

                                <locking isolation="REPEATABLE_READ"/>

                                <transaction mode="BATCH"/>

                                <file-store passivation="false" purge="false"/>

                            </local-cache>

                        </cache-container>

                        <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">

                            <local-cache name="entity">

                                <transaction mode="NON_XA"/>

                                <eviction strategy="LRU" max-entries="10000"/>

                                <expiration max-idle="100000"/>

                            </local-cache>

                            <local-cache name="local-query">

                                <eviction strategy="LRU" max-entries="10000"/>

                                <expiration max-idle="100000"/>

                            </local-cache>

                            <local-cache name="timestamps"/>

                        </cache-container>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:jca:4.0">

                        <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>

                        <bean-validation enabled="true"/>

                        <default-workmanager>

                            <short-running-threads>

                                <core-threads count="50"/>

                                <queue-length count="50"/>

                                <max-threads count="50"/>

                                <keepalive-time time="10" unit="seconds"/>

                            </short-running-threads>

                            <long-running-threads>

                                <core-threads count="50"/>

                                <queue-length count="50"/>

                                <max-threads count="50"/>

                                <keepalive-time time="10" unit="seconds"/>

                            </long-running-threads>

                        </default-workmanager>

                        <cached-connection-manager/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:jmx:1.3">

                        <expose-resolved-model/>

                        <expose-expression-model/>

                        <remoting-connector/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:jpa:1.1">

                        <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:mail:2.0">

                        <mail-session name="default" jndi-name="java:jboss/mail/Default">

                            <smtp-server outbound-socket-binding-ref="mail-smtp"/>

                        </mail-session>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:naming:2.0">

                        <remote-naming/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:remoting:3.0">

                        <endpoint/>

                        <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:resource-adapters:4.0"/>

                    <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:sar:1.0"/>

                    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">

                        <deployment-permissions>

                            <maximum-set>

                                <permission class="java.security.AllPermission"/>

                            </maximum-set>

                        </deployment-permissions>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:security:1.2">

                        <security-domains>

                            <security-domain name="other" cache-type="default">

                                <authentication>

                                    <login-module code="Remoting" flag="optional">

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                    <login-module code="RealmDirect" flag="required">

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                </authentication>

                            </security-domain>

                            <security-domain name="jboss-web-policy" cache-type="default">

                                <authorization>

                                    <policy-module code="Delegating" flag="required"/>

                                </authorization>

                            </security-domain>

                            <security-domain name="jboss-ejb-policy" cache-type="default">

                                <authorization>

                                    <policy-module code="Delegating" flag="required"/>

                                </authorization>

                            </security-domain>

                            <security-domain name="jaspitest" cache-type="default">

                                <authentication-jaspi>

                                    <login-module-stack name="dummy">

                                        <login-module code="Dummy" flag="optional"/>

                                    </login-module-stack>

                                    <auth-module code="Dummy"/>

                                </authentication-jaspi>

                            </security-domain>

                        </security-domains>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:transactions:3.0">

                        <core-environment>

                            <process-id>

                                <uuid/>

                            </process-id>

                        </core-environment>

                        <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:undertow:3.0">

                        <buffer-cache name="default"/>

                        <server name="default-server">

                           <https-listener name="default" security-realm="ApplicationRealm" socket-binding="https"/>

                            <host name="default-host" alias="localhost">

                                <location name="/" handler="welcome-content"/>

                                <filter-ref name="server-header"/>

                                <filter-ref name="x-powered-by-header"/>

                            </host>

                        </server>

                        <servlet-container name="default">

                            <jsp-config/>

                            <websockets/>

                        </servlet-container>

                        <handlers>

                            <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>

                        </handlers>

                        <filters>

                            <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>

                            <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>

                        </filters>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:webservices:2.0">

                        <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>

                        <endpoint-config name="Standard-Endpoint-Config"/>

                        <endpoint-config name="Recording-Endpoint-Config">

                            <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">

                                <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>

                            </pre-handler-chain>

                        </endpoint-config>

                        <client-config name="Standard-Client-Config"/>

                    </subsystem>

                    <subsystem xmlns="urn:jboss:domain:weld:3.0"/>

                </profile>

                <interfaces>

                    <interface name="management">

                        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

                    </interface>

                    <interface name="public">

                        <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                    </interface>

                </interfaces>

                <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

                    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>

                    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>

                    <socket-binding name="http" port="${jboss.http.port:8080}"/>

                    <socket-binding name="https" port="${jboss.https.port:8443}"/>

                    <socket-binding name="txn-recovery-environment" port="4712"/>

                    <socket-binding name="txn-status-manager" port="4713"/>

                    <outbound-socket-binding name="mail-smtp">

                        <remote-destination host="localhost" port="25"/>

                    </outbound-socket-binding>

                </socket-binding-group>

            </server>
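
The first reply's point, that other subsystems refer to the Undertow listener by name, can be checked mechanically before restarting the server. The script below is an added example and not part of the original thread: it scans a standalone.xml for listener references (`http-listener="..."` on messaging acceptors, `connector-ref="..."` on the remoting `http-connector`) and reports any that are dangling or still point at a plaintext listener, plus a management interface still bound with `http=`. The XML samples are constructed from the elements quoted in the thread; the function name and finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the elements quoted in the thread.
TEMPLATE = """
<server xmlns="urn:jboss:domain:4.0">
  <management><management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
      <socket-binding http="management-http"/>
    </http-interface>
  </management-interfaces></management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0">
      <server name="default">
        <http-acceptor name="http-acceptor" http-listener="default"/>
      </server>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:remoting:3.0">
      <http-connector name="http-remoting-connector" connector-ref="default"
                      security-realm="ApplicationRealm"/>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:3.0">
      <server name="default-server">
        {listeners}
      </server>
    </subsystem>
  </profile>
</server>
"""
HTTP = '<http-listener name="default" socket-binding="http" redirect-socket="https"/>'
HTTPS = '<https-listener name="{0}" security-realm="ApplicationRealm" socket-binding="https"/>'

BEFORE = TEMPLATE.format(listeners=HTTP + HTTPS.format("https"))   # stock layout
REMOVED = TEMPLATE.format(listeners=HTTPS.format("https"))         # http listener deleted
RENAMED = TEMPLATE.format(listeners=HTTPS.format("default"))       # https listener renamed


def _split(tag):
    """Return (namespace, local name) for an ElementTree '{ns}name' tag."""
    if tag.startswith("{"):
        ns, name = tag[1:].split("}", 1)
        return ns, name
    return "", tag


def audit(xml_text):
    """Return a list of (finding, detail) tuples for a standalone.xml string."""
    root = ET.fromstring(xml_text)
    listeners = {}   # Undertow listener name -> element kind
    refs = []        # (where the reference is, listener name it points to)
    findings = []
    for el in root.iter():
        ns, tag = _split(el.tag)
        if ":undertow:" in ns and tag in ("http-listener", "https-listener", "ajp-listener"):
            listeners[el.get("name")] = tag
        elif ":remoting:" in ns and tag == "http-connector":
            # remoting's connector-ref names an Undertow listener
            refs.append(("remoting http-connector " + el.get("name", "?"),
                         el.get("connector-ref")))
        elif el.get("http-listener"):
            # e.g. messaging-activemq <http-acceptor http-listener="...">
            refs.append((tag + " " + el.get("name", "?"), el.get("http-listener")))
        elif tag == "http-interface":
            for child in el:
                if _split(child.tag)[1] == "socket-binding" and child.get("http"):
                    findings.append(("PLAINTEXT_MGMT", child.get("http")))
    for name, kind in sorted(listeners.items()):
        if kind == "http-listener":
            findings.append(("PLAINTEXT_LISTENER", name))
    for where, target in refs:
        kind = listeners.get(target)
        if kind is None:
            findings.append(("DANGLING_REF", where + " -> " + str(target)))
        elif kind != "https-listener":
            findings.append(("REF_TO_PLAINTEXT", where + " -> " + target))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("removed", REMOVED), ("renamed", RENAMED)):
        print(label)
        for finding in audit(xml_text):
            print("  %s: %s" % finding)
```

Run against the configuration pasted above, the listener references resolve to the renamed https-listener, and the remaining finding is the management `http-interface` still bound to `management-http`.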