Re: [jetty-users] problem with security constraint

Hi,

So I've been busy with other stuff and a colleague of mine has
taken over the issue, and here is what he found so far.

If there is a "securityHandler" enabled, the redirect works. So when we
add this in the context configuration, it works:

<Get name="securityHandler">
  <Set name="loginService">
    <New class="org.eclipse.jetty.security.HashLoginService">
      <Set name="name">Test Realm</Set>
      <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      <!-- To enable reload of realm when properties change, uncomment the following lines -->
      <!-- changing refreshInterval (in seconds) as desired -->
      <!--
      <Set name="refreshInterval">5</Set>
      <Call name="start"></Call>
      -->
    </New>
  </Set>
  <Set name="checkWelcomeFiles">true</Set>
</Get>

So my questions are
1. Why do we need a "securityHandler"?
and
2. What is the right configuration when I need only to redirect users
but not to authenticate them?

On Fri, Jan 13, 2012 at 13:17, Thomas Becker <tbecker@xxxxxxxxxxx> wrote:
> Hi Mario,
>
> I've set up the same thing again within 5 min. by just using the standard
> jetty config files, creating a keystore and enabling jetty-ssl.xml in
> start.ini. It works just fine.
>
> Here's the web.xml excerpt I've used.
>
> <!-- redirect everything to confidential port -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Protected Context</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> Pretty much the same thing as you have and it simply works. All calls to
> this webapp get redirected to https. So I don't have a clue why this is not
> working for you. I've tested with 7.6.0-SNAPSHOT, but that shouldn't make a
> difference in this case.
>
> Cheers,
> Thomas
>
> On 1/12/12 10:20 AM, Thomas Becker wrote:
>>
>> Hi Mario,
>>
>> at a first glimpse your config looks completely ok to me. If I will find
>> some time to do so, I will see if I can put a config together that works and
>> paste it to you. You can then start with a config that is known to work and
>> if it still doesn't work for you, we at least know it's not the config.
>>
>> Cheers,
>> Thomas
>>
>> On 1/11/12 12:42 PM, Mario Georgiev wrote:
>>>
>>> Hi,
>>>
>>> Yes I have "confidentialPort" set in the config.
>>> Here are the configurations for the connectors:
>>>
>>> <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>>   <Set name="KeyStore"><Property name="jetty.home" default="." />mykey.keystore</Set>
>>>   <Set name="KeyStorePassword">pass</Set>
>>>   <Set name="KeyManagerPassword">pass</Set>
>>>   <Set name="TrustStore"><Property name="jetty.home" default="." />mytruststore.keystore</Set>
>>>   <Set name="TrustStorePassword">pass</Set>
>>> </New>
>>>
>>> <Call name="addConnector">
>>>   <Arg>
>>>     <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>>       <Arg><Ref id="sslContextFactory" /></Arg>
>>>       <Set name="Port">8443</Set>
>>>       <Set name="maxIdleTime">45000</Set>
>>>       <Set name="AcceptQueueSize">100</Set>
>>>       <Set name="Acceptors">2</Set>
>>>       <Set name="lowResourcesConnections">11000</Set>
>>>       <Set name="lowResourcesMaxIdleTime">1000</Set>
>>>     </New>
>>>   </Arg>
>>> </Call>
>>>
>>> <Call name="addConnector">
>>>   <Arg>
>>>     <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
>>>       <Set name="host">
>>>         <Property name="jetty.host" />
>>>       </Set>
>>>       <Set name="port">
>>>         <Property name="jetty.port" default="8080" />
>>>       </Set>
>>>       <Set name="maxIdleTime">45000</Set>
>>>       <Set name="Acceptors">2</Set>
>>>       <Set name="statsOn">false</Set>
>>>       <Set name="confidentialPort">8443</Set>
>>>       <Set name="lowResourcesConnections">10000</Set>
>>>       <Set name="lowResourcesMaxIdleTime">5000</Set>
>>>       <Set name="ThreadPool">
>>>         <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
>>>           <Set name="name">SSL Thread Pool</Set>
>>>           <Set name="minThreads">10</Set>
>>>           <Set name="maxThreads">400</Set>
>>>         </New>
>>>       </Set>
>>>     </New>
>>>   </Arg>
>>> </Call>
>>>
>>>
>>> Do you know where in the code to look for these settings?
>>> I can try to debug it and see what is going on, I just need some
>>> direction to look for.
>>>
>>>
>>> On Wed, Jan 11, 2012 at 11:15, Simone Bordet<sbordet@xxxxxxxxxxx>  wrote:
>>>>
>>>> Hi,
>>>>
>>>> On Wed, Jan 11, 2012 at 10:05, Mario Georgiev<mario@xxxxxxxxxxxxxx>
>>>>  wrote:
>>>>>
>>>>> Hi Thomas,
>>>>>
>>>>> The SSL connector is setup as it should and works like a charm. I have
>>>>> working SSL environment and I can open pages/access resources on https
>>>>> with no problems at all.
>>>>> The redirect from http to https that should happen from the
>>>>> configuration with this security constraint - that is not working.
>>>>>
>>>>> I forgot to tell: Jetty version I use is 7.5.4.v20111024
>>>>
>>>> Did you specify the confidentialPort in the non-SSL connector ?
>>>> Otherwise Jetty will not know where to redirect to.
>>>>
>>>> Simon
>>>> --
>>>> http://cometd.org
>>>> http://intalio.com
>>>> http://bordet.blogspot.com
>>>> ----
>>>> Finally, no matter how good the architecture and design are,
>>>> to deliver bug-free software with optimal performance and reliability,
>>>> the implementation technique must be flawless.   Victoria Livschitz
>>>> _______________________________________________
>>>> jetty-users mailing list
>>>> jetty-users@xxxxxxxxxxx
>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>>
>>>
>>
>
> --
> thomas becker
> tbecker@xxxxxxxxxxx
>
> http://webtide.com / http://intalio.com
> (the folks behind jetty and cometd)



-- 
Regards,
Mario Georgiev
Senior Web Developer

Trading 212
www.trading212.com

E-mail: mario.georgiev@xxxxxxxxxxxxxx
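
The prerequisites raised in this thread (a CONFIDENTIAL constraint in web.xml, and a confidentialPort on the non-SSL connector that matches an SSL connector's port) written as a small audit script. This is an added example, not code from the thread or from Jetty; the inline XML is constructed from the quoted excerpts, and treating any connector class in a `.ssl.` package as the SSL connector is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed samples modelled on the excerpts quoted in the thread.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""
JETTY_XML = """<Configure class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg><New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <Set name="Port">8443</Set></New></Arg></Call>
  <Call name="addConnector"><Arg><New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
    <Set name="port"><Property name="jetty.port" default="8080" /></Set>
    <Set name="confidentialPort">8443</Set></New></Arg></Call>
</Configure>"""

def local(el):  # tag name without its XML namespace, so namespaced web.xml files match too
    return el.tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """(url-pattern, has_auth_constraint) for every CONFIDENTIAL security-constraint."""
    found = []
    for sc in (e for e in ET.fromstring(web_xml).iter() if local(e) == "security-constraint"):
        text = {local(e): (e.text or "").strip() for e in sc.iter()}
        if text.get("transport-guarantee") == "CONFIDENTIAL":
            found += [((e.text or "").strip(), "auth-constraint" in text)
                      for e in sc.iter() if local(e) == "url-pattern"]
    return found

def set_value(s):  # literal text of a <Set>, else the default of its <Property> child
    prop = s.find("Property")
    return (s.text or "").strip() or (prop.get("default") if prop is not None else None)

def connectors(jetty_xml):  # [(class, {lower-cased <Set> name: value})] for each connector
    return [(n.get("class"), {s.get("name", "").lower(): set_value(s) for s in n.findall("Set")})
            for n in ET.fromstring(jetty_xml).iter("New") if "Connector" in n.get("class", "")]

def redirect_findings(web_xml, jetty_xml):
    """What is missing for the http-to-https redirect discussed in the thread."""
    findings = [] if confidential_patterns(web_xml) else ["web.xml: no CONFIDENTIAL constraint"]
    conns = connectors(jetty_xml)
    ssl_ports = {p.get("port") for cls, p in conns if ".ssl." in cls}  # assumption: SSL by package
    for cls, p in conns:
        target = p.get("confidentialport")
        if ".ssl." not in cls and (target is None or target not in ssl_ports):
            findings.append(f"{cls}: confidentialPort={target} matches no SSL connector port")
    return findings

if __name__ == "__main__":
    print(confidential_patterns(WEB_XML), redirect_findings(WEB_XML, JETTY_XML))
```

A `has_auth_constraint` of `False` means the constraint carries only a transport guarantee and names no roles, which is the redirect-only case asked about in question 2.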

