Re: [jetty-users] problem with security constraint
Hi Mario,

I've set up the same thing again within 5 min. by just using the standard jetty config files, creating a keystore and enabling jetty-ssl.xml in start.ini. It works just fine.
Here's the web.xml excerpt I've used.

    <!-- redirect everything to confidential port -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

Pretty much the same thing as you have and it simply works. All calls to this webapp get redirected to https. So I don't have a clue why this is not working for you. I've tested with 7.6.0-SNAPSHOT, but that shouldn't make a difference in this case.
Cheers,
Thomas

On 1/12/12 10:20 AM, Thomas Becker wrote:
Hi Mario,

At first glance your config looks completely ok to me. If I find some time to do so, I will see if I can put a config together that works and paste it to you. You can then start with a config that is known to work and if it still doesn't work for you, we at least know it's not the config.

Cheers,
Thomas

On 1/11/12 12:42 PM, Mario Georgiev wrote:

Hi,

Yes I have "confidentialPort" set in the config. Here are the configurations for the connectors:

    <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
      <Set name="KeyStore"><Property name="jetty.home" default="." />mykey.keystore</Set>
      <Set name="KeyStorePassword">pass</Set>
      <Set name="KeyManagerPassword">pass</Set>
      <Set name="TrustStore"><Property name="jetty.home" default="." />mytruststore.keystore</Set>
      <Set name="TrustStorePassword">pass</Set>
    </New>

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Arg><Ref id="sslContextFactory" /></Arg>
          <Set name="Port">8443</Set>
          <Set name="maxIdleTime">45000</Set>
          <Set name="AcceptQueueSize">100</Set>
          <Set name="Acceptors">2</Set>
          <Set name="lowResourcesConnections">11000</Set>
          <Set name="lowResourcesMaxIdleTime">1000</Set>
        </New>
      </Arg>
    </Call>

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
          <Set name="host">
            <Property name="jetty.host" />
          </Set>
          <Set name="port">
            <Property name="jetty.port" default="8080" />
          </Set>
          <Set name="maxIdleTime">45000</Set>
          <Set name="Acceptors">2</Set>
          <Set name="statsOn">false</Set>
          <Set name="confidentialPort">8443</Set>
          <Set name="lowResourcesConnections">10000</Set>
          <Set name="lowResourcesMaxIdleTime">5000</Set>
          <Set name="ThreadPool">
            <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
              <Set name="name">SSL Thread Pool</Set>
              <Set name="minThreads">10</Set>
              <Set name="maxThreads">400</Set>
            </New>
          </Set>
        </New>
      </Arg>
    </Call>

Do you know where in the code to look for these settings? I can try to debug it and see what is going on, I just need some direction to look for.

On Wed, Jan 11, 2012 at 11:15, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:

Hi,

On Wed, Jan 11, 2012 at 10:05, Mario Georgiev <mario@xxxxxxxxxxxxxx> wrote:

Hi Thomas,

The SSL connector is set up as it should be and works like a charm. I have a working SSL environment and I can open pages/access resources on https with no problems at all. The redirect from http to https that should happen from the configuration with this security constraint - that is not working. I forgot to tell: Jetty version I use is 7.5.4.v20111024

Did you specify the confidentialPort in the non-SSL connector? Otherwise Jetty will not know where to redirect to.

Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users

-- thomas becker tbecker@xxxxxxxxxxx http://webtide.com / http://intalio.com (the folks behind jetty and cometd)