Two Laptop Bag
The moose likes JBoss/WildFly and the fly likes http to https redirect jboss 5.0.1 GA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "http to https redirect jboss 5.0.1 GA" Watch "http to https redirect jboss 5.0.1 GA" New topic

http to https redirect jboss 5.0.1 GA

Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201
Hi guys,

I want to redirect the http request automatically to https if the user hits the url that is security constrained using

I am defining this constraint my application's web.xml and if I hit the URL with https, then the request gets completed, but if I hit the URL with http, the browser shows the message

Firefox can't establish a connection to the server at localhost:8443.

I want the server to automatically use https rather than http, how can I do that?

Can some one point me to the right direction ?

Thank you.

Jaikiran Pai

Joined: Jul 20, 2005
Posts: 10441

Have you enabled the HTTPS connector in the server.xml file? What changes have you done there?

[My Blog] [JavaRanch Journal]
Jaikiran Pai

Joined: Jul 20, 2005
Posts: 10441

By the way, I was planning to point you to the Configuring HTTPS chapter in JBoss AS5 configuration guide, but apparently there's no such chapter for AS-5. AS-4 guide had a separate chapter for this.
Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201
Thanks Jaikiran for the reply,

The server.xml found under server\default\deploy\jbossweb.sar\server.xml has this code snippet, which is commented

Do I need to un-comment this code, and it will automatically redirect to the https request ?
Vaishali S Kulkarni

Joined: Oct 05, 2011
Posts: 6

Step1 -->locate the server.xml inside jboss/server/<NAME>/deploy/jbossweb-tomcat55.sar/, and then change the port=”8080″ parameter in the HTTP Connector to your wishes, for example port 80 as I have done it here.
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>

Step2 -->Find the “Host” section, and uncomment the following Valve
<!-- Uncomment to enable single sign-on across web apps
deployed to this host. Does not provide SSO across a cluster.

If this valve is used, do not use the JBoss ClusteredSingleSignOn
valve shown below.

A new configuration attribute is available beginning with
release 4.0.4:

cookieDomain configures the domain to which the SSO cookie
will be scoped (i.e. the set of hosts to
which the cookie will be presented). By default
the cookie is scoped to "/", meaning the host
that presented it. Set cookieDomain to a
wider domain (e.g. "") to allow an SSO
to span more than one hostname.

<Valve className="org.apache.catalina.authenticator.SingleSignOn" />

Step3 -->In your jboss-web.xml it’s important that all the web applications that are going to “exchange” credentials points to the same security-domain
<context-root>/YOUR_APPLICATION_ROOT</context-root> (OPTIONAL)

Step4 -->I’m using a self-signed certificate in my application, but the procedure would be more or less the same even if you are going to use a certificate from a Certification Authority.
Generate the keystore. keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS
Here is my Ant Target for it which you can mention in your file to automate it using build.xml:
<target name="generate-selfsignedcert-keystore" depends="generate-certificate-request">
<delete file="conf/xyz.keystore" failonerror="false" />
<exec executable="${keytool}" spawn="true">
<arg value="-genkey"/>
<arg value="-keystore"/>
<arg value="conf/xyz.keystore"/>
<arg value="-storepass"/>
<arg value="mypassword"/>
<arg value="-keypass"/>
<arg value="mypassword"/>
<arg value="-keyalg"/>
<arg value="RSA"/>
<arg value="-validity"/>
<arg value="365"/>
<arg value="-alias"/>
<arg value="xyz"/>
<arg value="-dname"/>

Step5 --> Configure the generated keystore in server.xml:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystorePass="mypassword" sslProtocol = "TLS" />

You should be all set.

I agree. Here's the link:
subject: http to https redirect jboss 5.0.1 GA
It's not a secret anymore!