[jetty-users] redirect to https BEFORE basic authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] redirect to https BEFORE basic authentication

From: Gregor Jarisch <gregor@xxxxxxxxxxx>
Date: Tue, 22 Jan 2013 12:26:28 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2

Hi there,

I am facing the following problem. I have an embedded jetty (8.1.7) and
I'd like to run my application on https only.
Furthermore my users have to authenticate via basic auth. The redirect
from http to https works fine, the problem is that jetty is asking for
authentication on http too before the redirect, instead of redirecting
to https first.

How can I prevent the insecure basic prompt on http? 

Thanks.

This is my code:

        List<Connector> connectors = new LinkedList<Connector>();

        SelectChannelConnector proxyConnector = new
SelectChannelConnector() {
            @Override
            public void customize(EndPoint endpoint, Request request)
throws IOException {
                request.setScheme("https");
                super.customize(endpoint, request);
            }
        };

        proxyConnector.setHost("localhost");
        proxyConnector.setPort(80);
        proxyConnector.setConfidentialPort(443);
        proxyConnector.setIntegralPort(443);
        if (options.useBehindProxy) {
            proxyConnector.setHostHeader("localhost:443");
            proxyConnector.setForwarded(true);
        }
        connectors.add(proxyConnector);

        ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
        csh.setAuthenticator(new BasicAuthenticator());
        csh.setRealmName("realm");
        csh.setLoginService(options.loginService);

        Constraint basicAuthConstraint = new Constraint();
        basicAuthConstraint.setName(Constraint.__BASIC_AUTH);
        basicAuthConstraint.setRoles(new String[]{"user"});
        basicAuthConstraint.setAuthenticate(true);
        basicAuthConstraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);

        ConstraintMapping cm = new ConstraintMapping();
        cm.setConstraint(basicAuthConstraint);
        cm.setPathSpec("/*");
       csh.addConstraintMapping(cm);
       context.setSecurityHandler(csh);

        SslSocketConnector sslConnector = new SslSocketConnector();
        sslConnector.setPort(443);
        sslConnector.setPassword("...");
        sslConnector.setKeyPassword("...");
        sslConnector.setKeystore("...");
        sslConnector.setTrustPassword("...");
        connectors.add(sslConnector);

        server.setConnectors(connectors.toArray(new
Connector[connectors.size()]));

Follow-Ups:
- Re: [jetty-users] redirect to https BEFORE basic authentication
  - From: Gregor Jarisch

Prev by Date: [jetty-users] RE
Next by Date: [jetty-users] Jetty 9.0.0.M5 available
Previous by thread: [jetty-users] RE
Next by thread: Re: [jetty-users] redirect to https BEFORE basic authentication
Index(es):
- Date
- Thread

Breadcrumbs