Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] redirect to https BEFORE basic authentication 
me again.
Still couldn't managed to solve my issue.

I see two possible solutions:
1) Intercept jetty before basic auth, --> redirect to https
(unfortunately, filters get invoked later)
2) Make basic auth for https connections only, therefore skip auth on http

Any ideas how I can achieve one of those two approaches?

thanks.

On 22.01.2013 12:26, Gregor Jarisch wrote:
> Hi there,
>
> I am facing the following problem. I have an embedded jetty (8.1.7) and
> I'd like to run my application on https only.
> Furthermore my users have to authenticate via basic auth. The redirect
> from http to https works fine, the problem is that jetty is asking for
> authentication on http too before the redirect, instead of redirecting
> to https first.
>
> How can I prevent the insecure basic prompt on http? 
>
> Thanks.
>
> This is my code:
>
>         List<Connector> connectors = new LinkedList<Connector>();
>
>         SelectChannelConnector proxyConnector = new
> SelectChannelConnector() {
>             @Override
>             public void customize(EndPoint endpoint, Request request)
> throws IOException {
>                 request.setScheme("https");
>                 super.customize(endpoint, request);
>             }
>         };
>
>         proxyConnector.setHost("localhost");
>         proxyConnector.setPort(80);
>         proxyConnector.setConfidentialPort(443);
>         proxyConnector.setIntegralPort(443);
>         if (options.useBehindProxy) {
>             proxyConnector.setHostHeader("localhost:443");
>             proxyConnector.setForwarded(true);
>         }
>         connectors.add(proxyConnector);
>
>         ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
>         csh.setAuthenticator(new BasicAuthenticator());
>         csh.setRealmName("realm");
>         csh.setLoginService(options.loginService);
>
>         Constraint basicAuthConstraint = new Constraint();
>         basicAuthConstraint.setName(Constraint.__BASIC_AUTH);
>         basicAuthConstraint.setRoles(new String[]{"user"});
>         basicAuthConstraint.setAuthenticate(true);
>         basicAuthConstraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
>
>         ConstraintMapping cm = new ConstraintMapping();
>         cm.setConstraint(basicAuthConstraint);
>         cm.setPathSpec("/*");
>        csh.addConstraintMapping(cm);
>        context.setSecurityHandler(csh);
>
>         SslSocketConnector sslConnector = new SslSocketConnector();
>         sslConnector.setPort(443);
>         sslConnector.setPassword("...");
>         sslConnector.setKeyPassword("...");
>         sslConnector.setKeystore("...");
>         sslConnector.setTrustPassword("...");
>         connectors.add(sslConnector);
>
>         server.setConnectors(connectors.toArray(new
> Connector[connectors.size()]));
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users


-- 
Ing. Gregor Jarisch
entrepreneurship & development

Back to the top