users@glassfish.java.net

Re: what ever happened to automatic redirect?

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Thu, 15 Oct 2009 11:01:44 +0200

Hi,

actually we have this feature (port-unification) supported, but we
don't have corresponding CLI commands for it, so it's not public.
Here how you can configure admin protocol to support automatic http-
>https redirection.

Hope this will help.

WBR,
Alexey.

          <protocol name="admin-listener">
            <port-unification>
              <protocol-finder protocol="admin-listener-http"
classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-
finder" />
              <protocol-finder protocol="http-redirect"
classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-
redirect" />
            </port-unification>
          </protocol>

           <protocol security-enabled="true" name="admin-listener-http">
             <http max-connections="250" default-virtual-
server="__asadmin" server-name="">
               <file-cache enabled="false" />
             </http>
             <ssl ssl3-enabled="false" cert-nickname="s1as" />
           </protocol>

<protocol name="http-redirect">
            <protocol-chain-instance-handler>
              <protocol-chain>
                <protocol-filter
classname="com.sun.grizzly.config.HttpRedirectFilter" name="redirect-
filter" />
              </protocol-chain>
            </protocol-chain-instance-handler>
          </protocol>



On Oct 14, 2009, at 23:20 , Kedar Mhaswade wrote:

> vince kraemer wrote:
>> kedar wrote:
>>> It was available only on the enterprise profile domain by default.
>> That is not what I ran into in testing, yesterday.
>> Here is the test that I did...
>> 1. java -jar the v2.1 jar.
>> 2. ant -f setup.xml
>> 3. start the default domain
>> 4. open the admin gui
>> 5. use the admin gui to change the 'security' flag on the admin
>> listener.
>> 6. restart the server.
>> 7. use http://localhost:4848 to reconnect with the admin listener
>> on the restarted server
>
> I see. Admin backend was smart back then ;).
> <property name="proxiedProtocols" value="http"/> was added domain.xml
> when you did that on the console which made the redirection possible.
>
> It will be nice if we did similar thing in v3. But I believe it is a
> bigger change to support this for v3 since we it differently in
> Grizzly now. Can you file a bug/RFE for this?
>
> -Kedar
>
>
>> the redirect happened, with no additional configuration...
>>> Otherwise
>>> you had to add a property (proxiedProtocols) by hand. Since we
>>> don't have
>>> an enterprise profile domain in v3 yet, technically, this ability
>>> has to
>>> reappear in v3 ;)
>> Ummm...
>>>
>>> But I understand what you mean. You just want http://host:admin-
>>> port to
>>> redirect to https://host:admin-port if admin-listener is secure on
>>> given
>>> host and port. Makes sense.
>>>
>>> JF -- How should this be done on Grizzly 1.9.18+? I believe this
>>> has changed
>>> from Grizzly 1.0.x (v2), right?
>>>
>>> -Kedar
>>>
>>> vince kraemer wrote:
>>>> Hi all,
>>>>
>>>> back in the v2 timeframe, I think I remember being able to type http://localhost:4848
>>>> into the browser's address field... even when the server had
>>>> security enabled on the admin-listener...
>>>>
>>>> The server would do a redirect to get the browser to speak https.
>>>>
>>>> It seems like that feature went away with v3.
>>>>
>>>> Or has senility set in???
>>>>
>>>> Thanks,
>>>> vbk
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>