Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Secure whole application(Using https)
Secure whole application [message #1219082] Sun, 01 December 2013 14:29 Go to next message
Dave Smith is currently offline Dave SmithFriend
Messages: 34
Registered: July 2009
Member
I would like to make my RAP application and transport only accessible by https. I would like to use the feature in the servlet spec transport guarantee Confidential. Then jetty (paxweb) should automatically redirect any http requests to https. Possible ? or am I going at this the wrong way..

Report message to a moderator

Re: Secure whole application [message #1219132 is a reply to message #1219082] Mon, 02 December 2013 09:54 Go to previous messageGo to next message
Ralf Sternberg is currently offline Ralf SternbergFriend
Messages: 1313
Registered: July 2009
Senior Member
On 01.12.2013 15:29, Dave Smith wrote:
> I would like to make my RAP application and transport only accessible by
> https. I would like to use the feature in the servlet spec transport
> guarantee Confidential. Then jetty (paxweb) should automatically
> redirect any http requests to https. Possible ? or am I going at this
> the wrong way..

AFAIK, you can register a servlet filter with paxweb. The servlet filter
could redirect http:// URLs to https://. Would this be an option?

Best regards,
Ralf

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/

Report message to a moderator

Re: Secure whole application [message #1219260 is a reply to message #1219132] Tue, 03 December 2013 00:32 Go to previous messageGo to next message
Dave Smith is currently offline Dave SmithFriend
Messages: 34
Registered: July 2009
Member
In order to register a filter I have to do it against the HttpServiceContext that RAP registers the servlet in. Otherwise I just get a second context and my filter is ignored. What HttpContext is the RAP servlet registered against?

Report message to a moderator

Re: Secure whole application [message #1219727 is a reply to message #1219260] Thu, 05 December 2013 15:08 Go to previous messageGo to next message
Ralf Sternberg is currently offline Ralf SternbergFriend
Messages: 1313
Registered: July 2009
Senior Member
When you register your ApplicationConfiguration as a service (as we
recommend to do in the developers guide [1]), then the rwt.osgi bundle
will start the application with a new HttpContext, that is acquired from
HttpService.createDefaultHttpContext().

However, you can create an HttpContext yourself and use the
ApplicationLauncher to start the application with this context. The
rwt.osgi bundle provides an implementation of the interface
org.eclipse.rap.rwt.osgi.ApplicationLauncher as a service.

Regards,
Ralf

[1]
http://eclipse.org/rap/developers-guide/devguide.php?topic=application-configuration.html&version=2.2

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/

Report message to a moderator

Re: Secure whole application [message #1220135 is a reply to message #1219727] Tue, 10 December 2013 03:27 Go to previous messageGo to next message
Dave Smith is currently offline Dave SmithFriend
Messages: 34
Registered: July 2009
Member
We that still does not work because regardless of the HttpConext you pass in to
ApplicationLauncher.launch you wrap it up in a HttpContextWrapper and therefore it is not the same HttpContext. The hack I used to make it work (very ugly)....

ApplicationReference ref = applicationLauncher.launch(this, httpService, null, null, System.getProperty("java.io.tmpdir"));
Field f = ref.getClass().getDeclaredField("httpContext");
f.setAccessible(true);
HttpContext ctx = (HttpContext) f.get(ref);

org.ops4j.pax.web.service.WebContainer.WebContainer container = bundleContext.getService(bundleContext.getServiceReference(WebContainer.class));
container.registerFilter(new HttpToHttpsFilter(), new String [] { "/portal" , "/portal/*"}, null, null, ctx);

Basically I am grabbing the wrapped context and then manually registering the filter against it.I would suggest ApplicationReference expose a getHttpContext() method or event better expose it farther down in the Application interface so it could be called when in the ApplicationConfiguration.configure().

Report message to a moderator

Re: Secure whole application [message #1220192 is a reply to message #1220135] Tue, 10 December 2013 10:19 Go to previous message
Ralf Sternberg is currently offline Ralf SternbergFriend
Messages: 1313
Registered: July 2009
Senior Member
Providing the HttpContext in ApplicationReference sounds reasonable to
me. However, I think I wouldn't like to bring it into the Application
interface, because that's in rwt, not rwt.osgi, and the HttpContext is
only present in an OSGi environment.

Would you mind opening an enhancement request [1] for this?

With the wrapped HttpContext, I wonder if there's any good reason to
accept an HttpContext parameter in ApplicationLauncher at all?

Regards,
Ralf

[1] http://eclipse.org/rap/bugs/

--
Ralf Sternberg

Twitter: @EclipseRAP
Blog: http://eclipsesource.com/blogs/

Professional services for RAP and RCP?
http://eclipsesource.com/services/rap/

Report message to a moderator

Previous Topic:Rap Export-Version
Next Topic:Calendar in some months shows wrong weekdays (only in IE)
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 26 09:12:30 GMT 2024

Powered by FUDForum. Page generated in 0.03636 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly