Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Secure whole application(Using https)
Secure whole application [message #1219082] Sun, 01 December 2013 09:29 Go to next message
Eclipse UserFriend
I would like to make my RAP application and transport only accessible by https. I would like to use the feature in the servlet spec transport guarantee Confidential. Then jetty (paxweb) should automatically redirect any http requests to https. Possible ? or am I going at this the wrong way..
Re: Secure whole application [message #1219132 is a reply to message #1219082] Mon, 02 December 2013 04:54 Go to previous messageGo to next message
Eclipse UserFriend
On 01.12.2013 15:29, Dave Smith wrote:
> I would like to make my RAP application and transport only accessible by
> https. I would like to use the feature in the servlet spec transport
> guarantee Confidential. Then jetty (paxweb) should automatically
> redirect any http requests to https. Possible ? or am I going at this
> the wrong way..

AFAIK, you can register a servlet filter with paxweb. The servlet filter
could redirect http:// URLs to https://. Would this be an option?

Best regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Re: Secure whole application [message #1219260 is a reply to message #1219132] Mon, 02 December 2013 19:32 Go to previous messageGo to next message
Eclipse UserFriend
In order to register a filter I have to do it against the HttpServiceContext that RAP registers the servlet in. Otherwise I just get a second context and my filter is ignored. What HttpContext is the RAP servlet registered against?
Re: Secure whole application [message #1219727 is a reply to message #1219260] Thu, 05 December 2013 10:08 Go to previous messageGo to next message
Eclipse UserFriend
When you register your ApplicationConfiguration as a service (as we
recommend to do in the developers guide [1]), then the rwt.osgi bundle
will start the application with a new HttpContext, that is acquired from
HttpService.createDefaultHttpContext().

However, you can create an HttpContext yourself and use the
ApplicationLauncher to start the application with this context. The
rwt.osgi bundle provides an implementation of the interface
org.eclipse.rap.rwt.osgi.ApplicationLauncher as a service.

Regards,
Ralf

[1]
http://eclipse.org/rap/developers-guide/devguide.php?topic=application-configuration.html&version=2.2

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Re: Secure whole application [message #1220135 is a reply to message #1219727] Mon, 09 December 2013 22:27 Go to previous messageGo to next message
Eclipse UserFriend
We that still does not work because regardless of the HttpConext you pass in to
ApplicationLauncher.launch you wrap it up in a HttpContextWrapper and therefore it is not the same HttpContext. The hack I used to make it work (very ugly)....

ApplicationReference ref = applicationLauncher.launch(this, httpService, null, null, System.getProperty("java.io.tmpdir"));
Field f = ref.getClass().getDeclaredField("httpContext");
f.setAccessible(true);
HttpContext ctx = (HttpContext) f.get(ref);

org.ops4j.pax.web.service.WebContainer.WebContainer container = bundleContext.getService(bundleContext.getServiceReference(WebContainer.class));
container.registerFilter(new HttpToHttpsFilter(), new String [] { "/portal" , "/portal/*"}, null, null, ctx);

Basically I am grabbing the wrapped context and then manually registering the filter against it.I would suggest ApplicationReference expose a getHttpContext() method or event better expose it farther down in the Application interface so it could be called when in the ApplicationConfiguration.configure().
Re: Secure whole application [message #1220192 is a reply to message #1220135] Tue, 10 December 2013 05:19 Go to previous message
Eclipse UserFriend
Providing the HttpContext in ApplicationReference sounds reasonable to
me. However, I think I wouldn't like to bring it into the Application
interface, because that's in rwt, not rwt.osgi, and the HttpContext is
only present in an OSGi environment.

Would you mind opening an enhancement request [1] for this?

With the wrapped HttpContext, I wonder if there's any good reason to
accept an HttpContext parameter in ApplicationLauncher at all?

Regards,
Ralf

[1] http://eclipse.org/rap/bugs/

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/
Previous Topic:Rap Export-Version
Next Topic:Calendar in some months shows wrong weekdays (only in IE)
Goto Forum:
  


Current Time: Tue Jul 22 19:29:36 EDT 2025

Powered by FUDForum. Page generated in 0.04889 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly