Eclipse Community Forums
Secure whole application [message #1219082] Sun, 01 December 2013 09:29
Dave Smith
I would like to make my RAP application and transport only accessible by https. I would like to use the feature in the servlet spec transport guarantee Confidential. Then jetty (paxweb) should automatically redirect any http requests to https. Possible? Or am I going at this the wrong way?
Re: Secure whole application [message #1219132 is a reply to message #1219082] Mon, 02 December 2013 04:54
Ralf Sternberg

On 01.12.2013 15:29, Dave Smith wrote:
> I would like to make my RAP application and transport only accessible by
> https. I would like to use the feature in the servlet spec transport
> guarantee Confidential. Then jetty (paxweb) should automatically
> redirect any http requests to https. Possible? Or am I going at this
> the wrong way?

AFAIK, you can register a servlet filter with paxweb. The servlet filter
could redirect http:// URLs to https://. Would this be an option?

Best regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Re: Secure whole application [message #1219260 is a reply to message #1219132] Mon, 02 December 2013 19:32
Dave Smith
In order to register a filter I have to do it against the HttpServiceContext that RAP registers the servlet in. Otherwise I just get a second context and my filter is ignored. What HttpContext is the RAP servlet registered against?
Re: Secure whole application [message #1219727 is a reply to message #1219260] Thu, 05 December 2013 10:08
Ralf Sternberg

When you register your ApplicationConfiguration as a service (as we
recommend to do in the developers guide [1]), then the rwt.osgi bundle
will start the application with a new HttpContext, that is acquired from
HttpService.createDefaultHttpContext().

However, you can create an HttpContext yourself and use the
ApplicationLauncher to start the application with this context. The
rwt.osgi bundle provides an implementation of the interface
org.eclipse.rap.rwt.osgi.ApplicationLauncher as a service.

Regards,
Ralf

[1]
http://eclipse.org/rap/developers-guide/devguide.php?topic=application-configuration.html&version=2.2

Re: Secure whole application [message #1220135 is a reply to message #1219727] Mon, 09 December 2013 22:27
Dave Smith
Well, that still does not work, because regardless of the HttpContext you pass in to ApplicationLauncher.launch you wrap it up in a HttpContextWrapper and therefore it is not the same HttpContext. The hack I used to make it work (very ugly)...

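// Launch the application; the launcher wraps whatever HttpContext it is given.
ApplicationReference ref = applicationLauncher.launch(this, httpService, null, null, System.getProperty("java.io.tmpdir"));
// Reflection hack: read the non-public "httpContext" field to get the wrapped context.
Field f = ref.getClass().getDeclaredField("httpContext");
f.setAccessible(true);
HttpContext ctx = (HttpContext) f.get(ref);

// Register the redirect filter against that same context through the Pax Web WebContainer service.
org.ops4j.pax.web.service.WebContainer container = bundleContext.getService(bundleContext.getServiceReference(WebContainer.class));
container.registerFilter(new HttpToHttpsFilter(), new String[] { "/portal", "/portal/*" }, null, null, ctx);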

Basically I am grabbing the wrapped context and then manually registering the filter against it. I would suggest ApplicationReference expose a getHttpContext() method or, even better, expose it farther down in the Application interface so it could be called when in the ApplicationConfiguration.configure().
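
A sketch of what a filter like the HttpToHttpsFilter registered above could look like, added here as an example; it is not the poster's code and not part of RAP or Pax Web. The init-parameter names httpsHost and httpsPort are assumptions and would be supplied through the Dictionary argument of registerFilter, which the post passes as null.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical body for the HttpToHttpsFilter named in the post; not the poster's code.
public class HttpToHttpsFilter implements Filter {

  // "httpsHost" and "httpsPort" are init-parameter names assumed for this sketch.
  private String httpsHost;
  private int httpsPort = 443;

  @Override
  public void init(FilterConfig config) {
    httpsHost = config.getInitParameter("httpsHost");
    String port = config.getInitParameter("httpsPort");
    if (port != null) {
      httpsPort = Integer.parseInt(port);
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    if (request.isSecure()) {
      // Already on TLS: tell browsers to stay on HTTPS (HSTS, RFC 6797).
      response.setHeader("Strict-Transport-Security", "max-age=31536000");
      chain.doFilter(req, res);
      return;
    }
    // Prefer the configured host; getServerName() reflects the client's Host header.
    String host = httpsHost != null ? httpsHost : request.getServerName();
    StringBuilder target = new StringBuilder("https://").append(host);
    if (httpsPort != 443) {
      target.append(':').append(httpsPort);
    }
    target.append(request.getRequestURI());
    if (request.getQueryString() != null) {
      target.append('?').append(request.getQueryString());
    }
    // Redirect without ever handing the plain-HTTP request to the application.
    response.sendRedirect(target.toString());
  }

  @Override
  public void destroy() { }
}
```

Behind a TLS-terminating reverse proxy, isSecure() returns false unless the container is configured to honour the proxy's forwarded-protocol header, so this filter would redirect in a loop there.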

Re: Secure whole application [message #1220192 is a reply to message #1220135] Tue, 10 December 2013 05:19
Ralf Sternberg

Providing the HttpContext in ApplicationReference sounds reasonable to
me. However, I think I wouldn't like to bring it into the Application
interface, because that's in rwt, not rwt.osgi, and the HttpContext is
only present in an OSGi environment.

Would you mind opening an enhancement request [1] for this?

With the wrapped HttpContext, I wonder if there's any good reason to
accept an HttpContext parameter in ApplicationLauncher at all?

Regards,
Ralf

[1] http://eclipse.org/rap/bugs/
