3 Replies Latest reply on May 21, 2002 8:56 PM by Julian Gosnell

    security configuration

    andre gerard Newbie

      I would like to use 2 separate https listeners (for security reason) one for server administration jsp , the other for an external interface.
      How can I map/disable servlet/jsp to specific port/jsselistener.

      Thanks.

        • 1. Re: security configuration
          Julian Gosnell Expert

          If you are using JBoss3 i have heard reports of people running up 2 Jetty services within a single JBoss.

          Only one can be registered as the WAR deployer.

          You can statically configure the other via it's ConfigurationElement to load your administration webapp.

          I haven't tried this, but it should be possible - if you have any problems, let me know and we can work through them.

          If you look on jetty.mortbay.org you should find what you need to get https going.

          If you're using Tomcat - you might be able to do a similar sort of thing - I'm not sure if the Catalina service still reads a server.xml....(or if Catalina has one!)


          Jules

          • 2. Re: security configuration
            andre gerard Newbie

            I had no problem to run 2 https listener or more.

            I am now going to modify the Security Handler. I feel like being able to choose between between CONFIDENTIAL , INTEGRAL or NONE (within the transport-guarantee element in web.xml) is not suficient. I will add my own protocol CONFIDENTIAL_8443 and CONFIDENTIAL_8444 allowing only https respectively over port 8443 and 8444.

            In the long term it would probably be good to plan to add similar functionality in JBOSS/JETTY as an extra feature, as It would make it very easy implements security constraints using jboss/jetty and standard firewall. What is your view on this Jules?



            • 3. Re: security configuration
              Julian Gosnell Expert

              Not being a security guru - I'm not the right member of the Jetty team to field this (but probably the only one to read these fora regularly...)

              If it goes beyond the relevant spec, my suspicion is that the answer would be something like - "Jetty is made this flexible in order to facilitate exactly this sort of extension, however the Jetty core release is kept small and simple by just implementing the spec as efficiently as possible...." - otherwise :

              If you are interested in contributing this check out jetty.mortbay.com and maybe kick off a thread on jetty-discuss@yahoogroups.com. If this is a common paradigm it might be useful to at least have a FAQ entry or maybe include something in the JettyExtra package available on SourceForge....

              Thanks for your interest,


              Jules