[jboss-jira] [JBoss JIRA] (WFLY-5725) Attribute "secure" not migrated to Undertow subsystem

[Francesco Marchioni (JIRA)]

    [ https://issues.jboss.org/browse/WFLY-5725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13134585#comment-13134585 ] 

Francesco Marchioni commented on WFLY-5725:
-------------------------------------------

Hi Stuart,
well we checked also with the attribute and X-Forwarded-Proto setting, but the behaviour is still the same. From what I can see in org.wildfly.extension.undertow.HttpListenerService the method isSecure always returns false:

{code:java}
@Override
    public boolean isSecure() {
        return false;
 }
{code}

On the other hand, we found out that using an apache proxy pass based on *ajp* (ajp://host:port) it does work, so that would be the workaround until the bug is solved.

> Attribute "secure" not migrated to Undertow subsystem
> -----------------------------------------------------
>
>                 Key: WFLY-5725
>                 URL: https://issues.jboss.org/browse/WFLY-5725
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>         Environment: RHEL 7.1
>            Reporter: Francesco Marchioni
>            Assignee: Stuart Douglas
>              Labels: ea, undertow
>
> We need to migrate the following EAP 6 configuration from the web subsystem:
> <subsystem xmlns="urn:jboss:domain:web:2.1" default-virtual-server="default-host" native="false">
>     <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
>     <connector name="httpconfidential" protocol="HTTP/1.1" scheme="http" socket-binding="httpsecure" secure="true" enabled="true"/>
>     <virtual-server name="default-host" enable-welcome-root="true">
>         <alias name="localhost"/>
>         <alias name="example.com"/>
>     </virtual-server>
> </subsystem>
> This configuration uses the *secure="true" * attribute to support the transport-guarantee to CONFIDENTIAL which is required by our applications. (We don't use https in EAP which is configured only on the Apache Web server that serves request to EAP 6)
> The configuration has been migrated into EAP 7.0.0 Alpha using the CLI /subsystem=web:migrate command. Although no warnings are shown, the resulting configuration *does not contain the attribute "secure"* :
> <subsystem xmlns="urn:jboss:domain:undertow:3.0">
>     <buffer-cache name="default"/>
>     <server name="default-server">
>         <http-listener name="http" socket-binding="http"/>
>         <http-listener name="httpconfidential" socket-binding="httpsecure"/>
>         <host name="default-host" alias="localhost, example.com">
>             <location name="/" handler="welcome-content"/>
>         </host>
>     </server>
>     <servlet-container name="default">
>         <jsp-config/>
>     </servlet-container>
>     <handlers>
>         <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
>     </handlers>
> </subsystem>
> Is there any plan to provide backward compatiblity for the secure attribute in EAP 7 ?



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)