[jboss-dev-forums] [JBoss Web Development] - Problems with SSL redirection on JBoss 5.1.0GA

Wed Jul 21 08:59:05 EDT 2010

Todd Gould [http://community.jboss.org/people/skidvd] created the discussion

"Problems with SSL redirection on JBoss 5.1.0GA"

To view the discussion, visit: http://community.jboss.org/message/553700#553700

--------------------------------------------------------------
Hello,

Sorry for the cross post, but thought that this may be a better place for this question.

I'm using  JBoss [The Oracle] 5.1.0.GA.  In previous releases I have successfully configured SSL and and the associated port redirection without any problems.  However, in this environment, I am having unexpected problems.  Your help will be greatly appreciated....

Here is what I have....

from server.xml:

     <!-- A HTTP/1.1 Connector on port 7000 -->
      <Connector protocol="HTTP/1.1" port="7000" address="${jboss.bind.address}" 
               connectionTimeout="20000" redirectPort="7001" />
      <!-- Add this option to the connector to avoid problems with 
          .NET clients that don't implement HTTP/1.1 correctly 
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
      -->
      <!-- A AJP 1.3 Connector on port 8009 -->
      <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
         redirectPort="7001" />

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
      <Connector protocol="HTTP/1.1" SSLEnabled="true" enableLookups="true"
           port="7001" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.home.dir}/certs/mysvr1.jks"
           keystorePass="zzzzz" sslProtocol = "TLS"
           truststoreFile="${jboss.home.dir}/certs/mysvr1Trust.jks"
           truststorePass="zzzzz" />

from my apps web.xml:

from web.xml:
<security-constraint>
        <web-resource-collection>
            <web-resource-name>All restricted resources</web-resource-name>
            <description>Protects all AppAdmin restricted resources</description>
            <url-pattern>/pages/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>

Symptoms:

 http://myserver:7000/Myapp/login.xhtml http://myserver:7000/Myapp/login.xhtml (when I hit this URL, it produces downloadable result - as expected - this is not within the data-constraint resource-collection)
 http://myserver:7000/Myapp/pages/index.jsf http://myserver:7000/Myapp/pages/index.jsf  (when I hit this URl, I expect to be redirected to SSL port (inside data-constraint); but do NOT get redirected - i.e., URL stays http and port 700 - and results in Cannot find server or DNS error)
 https://myserver:7001/Myapp/pages/index.jsf https://myserver:7001/Myapp/pages/index.jsf (works as expected - this shows that SSL appears to be configured and working properly)

Why is the redirect from an non SSL URL to an SSL URL (when accessing a data-constratint resource) not happening?  Again, your help is greatly appreciated!

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/553700#553700]

Start a new discussion in JBoss Web Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2112]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20100721/68cadc99/attachment.html 