Hi all,
I just would like to report that I am making some progress on upgrading Jetty 7 to Jetty 9.4.11, I will share the things that I have learned once the effort is completed. However, I am now stuck because, for some reason, Jetty 9.4.11 is
returning a non-secure uri when it supposed to return secure uri back to the browsers. My question is this, how do I indicate to Jetty 9.4.11 to return a secure redirection uri instead of non-secure? Or, how does Jetty 9.4.11 determine how to redirect to secure
instead of non secure uri? Please see the debug information generated by my jetty 9.4.11 below. I am almost there towards the completion of this effort. As you can see, it is returning a non secure uri for the location header attribute. My embedded Jetty 7
correctly returns secure uri for the location header attribute.
Thanks,
Ike
2018-10-10 12:28:36,691 [qtp958678400-48] DEBUG HttpChannel - sendResponse info=null content=HeapByteBuffer@5639ad7d[p=0,l=0,c=0,r=0]={<<<>>>} complete=true committing=true callback=Blocker@2afcfd94{null}
2018-10-10 12:28:36,691 [qtp958678400-48] DEBUG HttpChannel - COMMIT for /SSPDashboard/faces/logon.jsp;jsessionid=ycrx3afb3zghqc1kn4la5oc2g3v0itdceogh1seg5lll8p9gg.node0 on HttpChannelOverHttp@4420504a{r=1,c=true,a=DISPATCHED,uri=//10.xxx.xxx.xxx:7777/SSPDashboard/faces/logon.jsp;jsessionid=ycrx3afb3zghqc1kn4la5oc2g3v0itdceogh1seg5lll8p9gg.node0,age=771}
302 null HTTP/1.1
X-Frame-Options: SAMEORIGIN
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Strict-Transport-Security: max-age=31536000
Set-Cookie: JSESSIONID=jzf3myxmxspuzsjnqj1mhn99stt66j3ref0162afecyid5ux.node0;Path=/SSPDashboard;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://10.xxx.xxx.xxx:7777/SSPDashboard/faces/configuration.jsp
=====================================================