Re: [jetty-users] problem with security constraint
Hi Mario,
I've set up the same thing again within 5 min. by just using the standard
jetty config files, creating a keystore and enabling jetty-ssl.xml in
start.ini. It works just fine.
Here's the web.xml excerpt I've used.
<!-- redirect everything to confidential port -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Pretty much the same thing as you have and it simply works. All calls to
this webapp get redirected to https. So I don't have a clue why this is
not working for you. I've tested with 7.6.0-SNAPSHOT, but that shouldn't
make a difference in this case.
Cheers,
Thomas
On 1/12/12 10:20 AM, Thomas Becker wrote:
Hi Mario,
at first glance your config looks completely ok to me. If I
find some time to do so, I will see if I can put a config together
that works and paste it to you. You can then start with a config that
is known to work and if it still doesn't work for you, we at least
know it's not the config.
Cheers,
Thomas
On 1/11/12 12:42 PM, Mario Georgiev wrote:
Hi,
Yes I have "confidentialPort" set in the config.
Here are the configurations for the connectors:
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
  <Set name="KeyStore"><Property name="jetty.home" default="." />mykey.keystore</Set>
  <Set name="KeyStorePassword">pass</Set>
  <Set name="KeyManagerPassword">pass</Set>
  <Set name="TrustStore"><Property name="jetty.home" default="." />mytruststore.keystore</Set>
  <Set name="TrustStorePassword">pass</Set>
</New>
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg>
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">45000</Set>
      <Set name="AcceptQueueSize">100</Set>
      <Set name="Acceptors">2</Set>
      <Set name="lowResourcesConnections">11000</Set>
      <Set name="lowResourcesMaxIdleTime">1000</Set>
    </New>
  </Arg>
</Call>
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="host">
        <Property name="jetty.host" />
      </Set>
      <Set name="port">
        <Property name="jetty.port" default="8080" />
      </Set>
      <Set name="maxIdleTime">45000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="statsOn">false</Set>
      <Set name="confidentialPort">8443</Set>
      <Set name="lowResourcesConnections">10000</Set>
      <Set name="lowResourcesMaxIdleTime">5000</Set>
      <Set name="ThreadPool">
        <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
          <Set name="name">SSL Thread Pool</Set>
          <Set name="minThreads">10</Set>
          <Set name="maxThreads">400</Set>
        </New>
      </Set>
    </New>
  </Arg>
</Call>
Do you know where in the code to look for these settings?
I can try to debug it and see what is going on, I just need some
direction on where to look.
On Wed, Jan 11, 2012 at 11:15, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
Hi,
On Wed, Jan 11, 2012 at 10:05, Mario Georgiev <mario@xxxxxxxxxxxxxx> wrote:
Hi Thomas,
The SSL connector is set up as it should be and works like a charm. I have
a working SSL environment and I can open pages/access resources on https
with no problems at all.
The redirect from http to https that should happen from the
configuration with this security constraint - that is not working.
I forgot to mention: the Jetty version I use is 7.5.4.v20111024
Did you specify the confidentialPort in the non-SSL connector ?
Otherwise Jetty will not know where to redirect to.
Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
--
thomas becker
tbecker@xxxxxxxxxxx
http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)