Re: [jetty-users] problem with security constraint

yes, and it should be in the RC5 binaries available in maven central
and for download from eclipse.

jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx



On Mon, Jan 23, 2012 at 08:57, Mario Georgiev <mario@xxxxxxxxxxxxxx> wrote:
> Hi Thomas,
>
> OK, that sounds good that the bug is found and fixed :)
> Do you know if it is going to be in Jetty 7.6?
>
> On Mon, Jan 23, 2012 at 16:46, Thomas Becker <tbecker@xxxxxxxxxxx> wrote:
>> Hi Mario,
>>
>> this is a bug in jetty which we have recently fixed:
>> https://bugs.eclipse.org/bugs/show_bug.cgi?id=368773
>> Sorry, didn't remember your email. Otherwise I would have reported that to
>> you earlier.
>>
>> Cheers,
>> Thomas
>>
>>
>> On 1/23/12 3:41 PM, Mario Georgiev wrote:
>>>
>>> Hi,
>>>
>>> So I've been busy with other stuff and a colleague of mine has
>>> taken the issue, and here is what he found so far.
>>>
>>> If there is a "securityHandler" enabled, the redirect works. So when we
>>> add this in the context configuration it works:
>>>
>>> <Get name="securityHandler">
>>>   <Set name="loginService">
>>>     <New class="org.eclipse.jetty.security.HashLoginService">
>>>       <Set name="name">Test Realm</Set>
>>>       <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
>>>       <!-- To enable reload of realm when properties change, uncomment the following lines -->
>>>       <!-- changing refreshInterval (in seconds) as desired -->
>>>       <!--
>>>       <Set name="refreshInterval">5</Set>
>>>       <Call name="start"></Call>
>>>       -->
>>>     </New>
>>>   </Set>
>>>   <Set name="checkWelcomeFiles">true</Set>
>>> </Get>
>>>
>>> So my questions are
>>> 1. Why do we need a "securityHandler"?
>>> and
>>> 2. What is the right configuration when I need only to redirect users
>>> but not to authenticate them?
>>>
>>> On Fri, Jan 13, 2012 at 13:17, Thomas Becker<tbecker@xxxxxxxxxxx>  wrote:
>>>>
>>>> Hi Mario,
>>>>
>>>> I've set up the same thing again within 5 min. by just using the standard
>>>> jetty config files, creating a keystore and enabling jetty-ssl.xml in
>>>> start.ini. It works just fine.
>>>>
>>>> Here's the web.xml excerpt I've used.
>>>>
>>>> <!-- redirect everything to confidential port -->
>>>> <security-constraint>
>>>> <web-resource-collection>
>>>> <web-resource-name>Protected Context</web-resource-name>
>>>>
>>>> <url-pattern>/*</url-pattern>
>>>> </web-resource-collection>
>>>> <user-data-constraint>
>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>> </user-data-constraint>
>>>> </security-constraint>
>>>>
>>>> Pretty much the same thing as you have and it simply works. All calls to
>>>> this webapp get redirected to https. So I don't have a clue why this is
>>>> not working for you. I've tested with 7.6.0-SNAPSHOT, but that shouldn't
>>>> make a difference in this case.
>>>>
>>>> Cheers,
>>>> Thomas
>>>>
>>>> On 1/12/12 10:20 AM, Thomas Becker wrote:
>>>>>
>>>>> Hi Mario,
>>>>>
>>>>> At first glance your config looks completely ok to me. If I find
>>>>> some time to do so, I will see if I can put a config together that works
>>>>> and paste it to you. You can then start with a config that is known to
>>>>> work and if it still doesn't work for you, we at least know it's not the
>>>>> config.
>>>>>
>>>>> Cheers,
>>>>> Thomas
>>>>>
>>>>> On 1/11/12 12:42 PM, Mario Georgiev wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Yes I have "confidentialPort" set in the config.
>>>>>> Here are the configurations for the connectors:
>>>>>>
>>>>>> <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>>>>> <Set name="KeyStore"><Property name="jetty.home" default="." />mykey.keystore</Set>
>>>>>> <Set name="KeyStorePassword">pass</Set>
>>>>>> <Set name="KeyManagerPassword">pass</Set>
>>>>>> <Set name="TrustStore"><Property name="jetty.home" default="." />mytruststore.keystore</Set>
>>>>>> <Set name="TrustStorePassword">pass</Set>
>>>>>> </New>
>>>>>>
>>>>>> <Call name="addConnector">
>>>>>> <Arg>
>>>>>> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>>>>> <Arg><Ref id="sslContextFactory" /></Arg>
>>>>>> <Set name="Port">8443</Set>
>>>>>>
>>>>>> <Set name="maxIdleTime">45000</Set>
>>>>>> <Set name="AcceptQueueSize">100</Set>
>>>>>> <Set name="Acceptors">2</Set>
>>>>>> <Set name="lowResourcesConnections">11000</Set>
>>>>>> <Set name="lowResourcesMaxIdleTime">1000</Set>
>>>>>> </New>
>>>>>> </Arg>
>>>>>> </Call>
>>>>>>
>>>>>> <Call name="addConnector">
>>>>>> <Arg>
>>>>>> <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
>>>>>> <Set name="host">
>>>>>> <Property name="jetty.host" />
>>>>>> </Set>
>>>>>> <Set name="port">
>>>>>> <Property name="jetty.port" default="8080" />
>>>>>> </Set>
>>>>>> <Set name="maxIdleTime">45000</Set>
>>>>>> <Set name="Acceptors">2</Set>
>>>>>> <Set name="statsOn">false</Set>
>>>>>> <Set name="confidentialPort">8443</Set>
>>>>>> <Set name="lowResourcesConnections">10000</Set>
>>>>>> <Set name="lowResourcesMaxIdleTime">5000</Set>
>>>>>> <Set name="ThreadPool">
>>>>>> <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
>>>>>> <Set name="name">SSL Thread Pool</Set>
>>>>>> <Set name="minThreads">10</Set>
>>>>>> <Set name="maxThreads">400</Set>
>>>>>> </New>
>>>>>> </Set>
>>>>>> </New>
>>>>>> </Arg>
>>>>>> </Call>
>>>>>>
>>>>>>
>>>>>> Do you know where in the code to look for these settings?
>>>>>> I can try to debug it and see what is going on, I just need some
>>>>>> direction to look for.
>>>>>>
>>>>>>
>>>>>> On Wed, Jan 11, 2012 at 11:15, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Wed, Jan 11, 2012 at 10:05, Mario Georgiev <mario@xxxxxxxxxxxxxx> wrote:
>>>>>>>>
>>>>>>>> Hi Thomas,
>>>>>>>>
>>>>>>>> The SSL connector is set up as it should be and works like a charm. I
>>>>>>>> have a working SSL environment and I can open pages/access resources
>>>>>>>> on https with no problems at all.
>>>>>>>> The redirect from http to https that should happen from the
>>>>>>>> configuration with this security constraint - that is not working.
>>>>>>>>
>>>>>>>> I forgot to tell: Jetty version I use is 7.5.4.v20111024
>>>>>>>
>>>>>>> Did you specify the confidentialPort in the non-SSL connector ?
>>>>>>> Otherwise Jetty will not know where to redirect to.
>>>>>>>
>>>>>>> Simon
>>>>>>> --
>>>>>>> http://cometd.org
>>>>>>> http://intalio.com
>>>>>>> http://bordet.blogspot.com
>>>>>>> ----
>>>>>>> Finally, no matter how good the architecture and design are,
>>>>>>> to deliver bug-free software with optimal performance and reliability,
>>>>>>> the implementation technique must be flawless.   Victoria Livschitz
>>>>>>> _______________________________________________
>>>>>>> jetty-users mailing list
>>>>>>> jetty-users@xxxxxxxxxxx
>>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>>
>>>>>>
>>>>>>
>>>> --
>>>> thomas becker
>>>> tbecker@xxxxxxxxxxx
>>>>
>>>> http://webtide.com / http://intalio.com
>>>> (the folks behind jetty and cometd)
>>>>
>>>
>>>
>>>
>>
>> --
>> thomas becker
>> tbecker@xxxxxxxxxxx
>>
>> http://webtide.com / http://intalio.com
>> (the folks behind jetty and cometd)
>>
>
>
>
> --
> Regards,
> Mario Georgiev
> Senior Web Developer
>
> Trading 212
> www.trading212.com
>
> E-mail: mario.georgiev@xxxxxxxxxxxxxx
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
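
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Jetty: the configuration looked correct, yet requests on the non-SSL connector were not redirected to the `confidentialPort`. The function names are hypothetical, the ports 8080 and 8443 are the ones quoted in the thread, and the sample responses are constructed.

```python
"""Check that a plain-HTTP request is redirected to the confidential port."""
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def evaluate(status, location, confidential_port):
    """Judge one response received on the non-SSL connector.

    Returns (ok, reason). ok is True only for a redirect whose Location
    is an https:// URL on the expected confidentialPort.
    """
    if status not in REDIRECTS:
        return False, f"status {status}: answered over plain HTTP, no redirect"
    if not location:
        return False, "redirect without a Location header"
    target = urlsplit(location)
    if target.scheme != "https":
        return False, f"redirect stays off TLS: {location}"
    port = target.port or 443  # https default when no port is given
    if port != confidential_port:
        return False, f"redirect goes to port {port}, expected {confidential_port}"
    return True, f"redirected to {location}"

def probe(host, port, path, confidential_port, timeout=5):
    """Send one GET to the non-SSL connector; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return evaluate(resp.status, resp.getheader("Location"), confidential_port)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (200, None),                           # constraint not enforced
    (302, "https://localhost:8443/app/"),  # expected behaviour
    (302, "http://localhost:8080/login"),  # redirect, but still plain HTTP
    (302, "https://localhost/app/"),       # https, wrong port
]

if __name__ == "__main__":
    for status, location in SAMPLES:
        print(status, location, "->", evaluate(status, location, 8443))
    # Against a running instance: print(probe("localhost", 8080, "/", 8443))
```

Running `probe` after an upgrade or a context change confirms that a `CONFIDENTIAL` constraint is enforced at runtime and not only declared in `web.xml`.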