Hi,
glassfish_at_javadesktop.org wrote:
> I want to run my Web application with https. When users access
> http://www.myweb.com, I want the Web server to automatically redirect to https://www.myweb.com. However, I am running into a few issues:
>
> 1. How do I tell Application Server 9 to create a listener on the default port. Right now, I have the listener using port 80 - users will have to enter https://www.myweb.com:80. I don't want to require them to enter :80. I thought a listener on 80 automatically listens to URLs, even if they don't include that port. But, when I type in the URL without port, all I get is a "Gateway Timeout Error". What do I need to do to set up the port correctly?
>
Strange. It is usually the browser that handle that part. e.g. if you
type
http://xxxxx, under the hood the browser will append :80. Is there
any proxy between the AS and your browser?
> 2. In the screen where I set up the listener, I checked the "Security: Enabled" check box. Now, when I load the Web application, the listener listens on https:. Now, how do I tell the application server to forward requests for http:// to https://?
Three solutions:
[Solution 1] For GlassFish v1.0
(1) you just have to map all request to /* and add the a security
constraint:
In web.xml:
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>test.MyServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MyServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
(2) Edit ${glassfish.home}/domains/domain1/config/domain.xml, and add
the redirect-port attribute to you http-listener that listen on port 80:
> <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id="http-listener-1" port="8080" security-enabled="false" server-name="" xpowered-by="true">
add <http-listener .... redirect-port="443">. 443 is the default ssl
port. You can also do it by using the admin-gui and entering the value
under
Configuration> HTTP Service> HTTP Listeners> http-listener-1> Redirect Port:
Make sure you have defined an http-listener that listen on port 443.
(3) Deploy your application and then set as the default-web module of
the virtual-server server. You can do it using admin-gui:
Configuration> HTTP Service> Virtual Servers> server> Default Web Module
Now all requests made to
http://<host>/* will be redirected to
https://<host>/.
The "problem" with this approach is if you deploy another application
under /myApp2, you also need to make sure the user-data-constraint
element is added in web.xml if you want all requests from
http://<host>/myApp2 to be redirected to
https://<host>/myApp2. Hence
this solution is not very useful if you want everything redirected to 443.
[Solution 2] For GlassFish v1.0
A simple approach is to define a Filter that will automatically redirect
all requests to https. Just define your filter in
${glassfish.home}/domains/domain1/config/default-web.xml:
<filter>
<display-name>FilterTest</display-name>
<filter-name>FilterTest</filter-name>
<filter-class>test.FilterTest</filter-class>
</filter>
<filter-mapping>
<filter-name>FilterTest</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
Compile your Filter, jar it (ex: filter.jar) and put it under
${glassfish.home}/lib/Filter.jar. Now when an application is deployed in
GlassFish, all applications will have that Filter installed by default.
In your filter, you will do something like:
if (request.isSecure()){
//continue
} else {
response.sendRedirect("
https://localhost:443" +
request.getRequestURI());
}
[Solution 3] For GlassFish v2.0
Just edit ${glassfish.home}/domains/domain1/config/domain.xml.
(1) Make sure the security-enabled attribute of http-listener which
listen port 443 equals true:
> <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id="http-listener-2" port="443" security-enabled="true" server-name="" xpowered-by="true"
Add under this element the following line:
<property name="proxiedProtocols" value="http"/> (see [1])
You an do it using admin-gui as well by following:
Configuration> HTTP Service> HTTP Listeners> http-listener-1
Restart GlassFish. Now all requests made to port 80 will be redirected
to port 443.
Hope that help.
-- Jeanfrancois
[1]
http://weblogs.java.net/blog/jfarcand/archive/2006/11/one_port_to_rul.html
>
> Thank you!
> [Message sent by forum member 'dailysun' (dailysun)]
>
> http://forums.java.net/jive/thread.jspa?messageID=204409
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>