• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

http to https redirect jboss 5.0.1 GA

 
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys,

I want to redirect the http request automatically to https if the user hits the url that is security constrained using



I am defining this constraint my application's web.xml and if I hit the URL with https, then the request gets completed, but if I hit the URL with http, the browser shows the message


Firefox can't establish a connection to the server at localhost:8443.

I want the server to automatically use https rather than http, how can I do that?

Can some one point me to the right direction ?

Thank you.

 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have you enabled the HTTPS connector in the server.xml file? What changes have you done there?
 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
By the way, I was planning to point you to the Configuring HTTPS chapter in JBoss AS5 configuration guide, but apparently there's no such chapter for AS-5. AS-4 guide had a separate chapter for this.
 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jaikiran for the reply,

The server.xml found under server\default\deploy\jbossweb.sar\server.xml has this code snippet, which is commented



Do I need to un-comment this code, and it will automatically redirect to the https request ?
 
Greenhorn
Posts: 6
Eclipse IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Step1 -->locate the server.xml inside jboss/server/<NAME>/deploy/jbossweb-tomcat55.sar/, and then change the port=”8080″ parameter in the HTTP Connector to your wishes, for example port 80 as I have done it here.
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>

Step2 -->Find the “Host” section, and uncomment the following Valve
<!-- Uncomment to enable single sign-on across web apps
deployed to this host. Does not provide SSO across a cluster.

If this valve is used, do not use the JBoss ClusteredSingleSignOn
valve shown below.

A new configuration attribute is available beginning with
release 4.0.4:

cookieDomain configures the domain to which the SSO cookie
will be scoped (i.e. the set of hosts to
which the cookie will be presented). By default
the cookie is scoped to "/", meaning the host
that presented it. Set cookieDomain to a
wider domain (e.g. "xyz.com") to allow an SSO
to span more than one hostname.
-->

<Valve className="org.apache.catalina.authenticator.SingleSignOn" />

Step3 -->In your jboss-web.xml it’s important that all the web applications that are going to “exchange” credentials points to the same security-domain
<jboss-web>
<security-domain>java:/jaas/USE_THE_SAME_APPLICATION_POLICY_HERE</security-domain>
<context-root>/YOUR_APPLICATION_ROOT</context-root> (OPTIONAL)
</jboss-web>

Step4 -->I’m using a self-signed certificate in my application, but the procedure would be more or less the same even if you are going to use a certificate from a Certification Authority.
Generate the keystore. keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS
Here is my Ant Target for it which you can mention in your build.properties file to automate it using build.xml:
<target name="generate-selfsignedcert-keystore" depends="generate-certificate-request">
<delete file="conf/xyz.keystore" failonerror="false" />
<exec executable="${keytool}" spawn="true">
<arg value="-genkey"/>
<arg value="-keystore"/>
<arg value="conf/xyz.keystore"/>
<arg value="-storepass"/>
<arg value="mypassword"/>
<arg value="-keypass"/>
<arg value="mypassword"/>
<arg value="-keyalg"/>
<arg value="RSA"/>
<arg value="-validity"/>
<arg value="365"/>
<arg value="-alias"/>
<arg value="xyz"/>
<arg value="-dname"/>
<arg value="CN=YOUR-APPLICATION-CN,OU=Solutions Engineering,O=YOUR-APPLICATION-ORG,L=YOUR-APPLICATION-LOCATION,S=YOUR-APPLICATION-LOCATION-STATE,C=YOUR-APPLICATION-COUNTRY-CODE"/>
</exec>
</target>

Step5 --> Configure the generated keystore in server.xml:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/xyz.keystore"
keystorePass="mypassword" sslProtocol = "TLS" />

You should be all set.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic