aspose file tools*
The moose likes JBoss/WildFly and the fly likes JBOSS web logon not redirecting from port 8080 to 8443 at login Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "JBOSS web logon not redirecting from port 8080 to 8443 at login" Watch "JBOSS web logon not redirecting from port 8080 to 8443 at login" New topic
Author

JBOSS web logon not redirecting from port 8080 to 8443 at login

G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
All, I have successfully set up JBOSS to accept either port 8080 or 8443. However, the port 8080 connections do not redirect to 8443 for logon authentication. Any help is greatly appreciated!

<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" compression="on" compressionMinSize="4096"
compressionMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
disableUploadTimeout="true" />

<Connector port="8443" address="${jboss.bind.address}"
maxThreads="250" minSpareThreads="5" maxSpareThreads="75"
maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="true" scheme="https" secure="true" SSLEnabled="true" acceptCount="100"
connectionTimeout="20000" compression="on" compressionMinSize="4096"
compressionMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
disableUploadTimeout="true" keystoreFile="path_to_keystore"
keystorePass="passwd" clientAuth="false" sslProtocol="TLS" />
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10052
    
163

Your web.xml's security configuration part also plays a role in this. What does your web.xml look like?

[My Blog] [JavaRanch Journal]
G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
Is there a specific stanza I can target for you? I found nothing on a course search while looking for CONFIDENTIAL declarations, 8080, 8443, or even https. Searching on security, I am only finding elements associated with role based security rather than a page level authentication security constraint.
G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
UPDATE: I did find a number of the fillowing entries: <transport-guarantee>NONE</transport-guarantee>
I understand that I will want to modify that to <transport-guarantee>CONFIDENTIAL</transport-guarantee> for the target page. In my case I only want the initial logon to be redirected to 8443 with a subsequent return to 8080 for follow-on pages. Can I assume then that I will need to identify a specific point in the web.xml file? If so, what might I be looking for.
G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
I have determined that setting NONE to CONFIDENTIAL in the following will force the redirect from 8080 to 8443. However, I do not return to 8080 for the follow-on pages. I expect this may be due to the nested "url-pattern" elements.

<security-constraint>
<web-resource-collection>
<web-resource-name>NGS PROTECTED WEB</web-resource-name>
<description>All jsp's below this level are protected by authentication</description>
<url-pattern>//jsp/core/default.jsp</url-pattern>
<url-pattern>/jsp/*</url-pattern>
.
.
.
</web-resource-collection>
<auth-constraint>
<role-name>NGS_USER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

How would I extract out and apply <transport-guarantee>NONE</transport-guarantee> to just <url-pattern>//jsp/core/default.jsp leaving the others as NONE?
G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
CORRECTION ...

How would I extract out and apply <transport-guarantee>CONFIDENTIAL</transport-guarantee> to just <url-pattern>//jsp/core/default.jsp leaving the others as NONE?
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10052
    
163

I haven't given it a try, but the XSD of web.xml tells me that you can have multiple security-constraint elements in the web.xml file. So you can try having 2 security-constraint elements one with CONFIDENTIAL transport-guarantee and one with NONE and then map it to the correct url-pattern.
G King
Greenhorn

Joined: Jan 18, 2011
Posts: 6
I saw that and did in fact make an attempt. It did not work. The page defaulted to the "NONE" constraint. This may have been an issue related to my method of approach.

Basically, I inserted a new security constraint stanza above the existing one and maintained the format other than naming.

<security-constraint>
<web-resource-collection>
<web-resource-name>NGS SSL WEB</web-resource-name>
<description>Initial level protected by SSL authentication</description>
<url-pattern>//jsp/core/default.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NGS_USER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

I then removed the base URL element from the original stanza:

<security-constraint>
<web-resource-collection>
<web-resource-name>NGS PROTECTED WEB</web-resource-name>
<description>All jsp's below this level are protected by authentication</description>

<url-pattern>//jsp/core/default.jsp</url-pattern> <===DELETED THIS LINE

<url-pattern>/jsp/*</url-pattern>
.
.
.
</web-resource-collection>
<auth-constraint>
<role-name>NGS_USER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

Sahil Makhija
Greenhorn

Joined: Dec 12, 2012
Posts: 1
G King wrote:I saw that and did in fact make an attempt. It did not work. The page defaulted to the "NONE" constraint. This may have been an issue related to my method of approach.

Basically, I inserted a new security constraint stanza above the existing one and maintained the format other than naming.

<security-constraint>
<web-resource-collection>
<web-resource-name>NGS SSL WEB</web-resource-name>
<description>Initial level protected by SSL authentication</description>
<url-pattern>//jsp/core/default.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NGS_USER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

I then removed the base URL element from the original stanza:

<security-constraint>
<web-resource-collection>
<web-resource-name>NGS PROTECTED WEB</web-resource-name>
<description>All jsp's below this level are protected by authentication</description>

<url-pattern>//jsp/core/default.jsp</url-pattern> <===DELETED THIS LINE

<url-pattern>/jsp/*</url-pattern>
.
.
.
</web-resource-collection>
<auth-constraint>
<role-name>NGS_USER</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>





Hi, were you able to configure how to use https on just the login page and all other pages with http?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: JBOSS web logon not redirecting from port 8080 to 8443 at login