Hi Thomas,

OK, that sounds good that the bug is found and fixed :)
Do you know if it is going to be in Jetty 7.6?

On Mon, Jan 23, 2012 at 16:46, Thomas Becker <[email protected]> wrote:
> Hi Mario,
>
> this is a bug in jetty which we recently have fixed:
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=368773
> Sorry, didn't remember your email. Otherwise I would have reported that to
> you earlier.
>
> Cheers,
> Thomas
>
>
> On 1/23/12 3:41 PM, Mario Georgiev wrote:
>>
>> Hi,
>>
>> So I've been busy with other stuff and a colleague of mine has
>> taken the issue and here is what he found so far.
>>
>> If there is "securityHandler" enabled the redirect works. So when we
>> add this in the context configuration it works:
>>
>> <Get name="securityHandler">
>>   <Set name="loginService">
>>     <New class="org.eclipse.jetty.security.HashLoginService">
>>       <Set name="name">Test Realm</Set>
>>       <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
>>       <!-- To enable reload of realm when properties change, uncomment the following lines -->
>>       <!-- changing refreshInterval (in seconds) as desired -->
>>       <!--
>>       <Set name="refreshInterval">5</Set>
>>       <Call name="start"></Call>
>>       -->
>>     </New>
>>   </Set>
>>   <Set name="checkWelcomeFiles">true</Set>
>> </Get>
>>
>> So my questions are
>> 1. Why do we need a "securityHandler"?
>> and
>> 2. What is the right configuration when I need only to redirect users
>> but not to authenticate them?
>>
>> On Fri, Jan 13, 2012 at 13:17, Thomas Becker<[email protected]> wrote:
>>>
>>> Hi Mario,
>>>
>>> I've setup the same thing again within 5 min. by just using the standard
>>> jetty config files, creating a keystore and enabling jetty-ssl.xml in
>>> start.ini. It works just fine.
>>>
>>> Here's the web.xml excerpt I've used.
>>>
>>> <!-- redirect everything to confidential port -->
>>> <security-constraint>
>>>   <web-resource-collection>
>>>     <web-resource-name>Protected Context</web-resource-name>
>>>     <url-pattern>/*</url-pattern>
>>>   </web-resource-collection>
>>>   <user-data-constraint>
>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>   </user-data-constraint>
>>> </security-constraint>
>>>
>>> Pretty much the same thing as you have and it simply works. All calls to
>>> this webapp get redirected to https. So I don't have a clue why this is
>>> not working for you. I've tested with 7.6.0-SNAPSHOT, but that shouldn't
>>> make a difference in this case.
>>>
>>> Cheers,
>>> Thomas
>>>
>>> On 1/12/12 10:20 AM, Thomas Becker wrote:
>>>>
>>>> Hi Mario,
>>>>
>>>> at a first glimpse your config looks completely ok to me. If I will find
>>>> some time to do so, I will see if I can put a config together that works
>>>> and paste it to you. You can then start with a config that is known to
>>>> work and if it still doesn't work for you, we at least know it's not the
>>>> config.
>>>>
>>>> Cheers,
>>>> Thomas
>>>>
>>>> On 1/11/12 12:42 PM, Mario Georgiev wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Yes I have "confidentialPort" set in the config.
>>>>> Here are the configurations for the connectors:
>>>>>
>>>>> <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>>>>   <Set name="KeyStore"><Property name="jetty.home" default="." />mykey.keystore</Set>
>>>>>   <Set name="KeyStorePassword">pass</Set>
>>>>>   <Set name="KeyManagerPassword">pass</Set>
>>>>>   <Set name="TrustStore"><Property name="jetty.home" default="." />mytruststore.keystore</Set>
>>>>>   <Set name="TrustStorePassword">pass</Set>
>>>>> </New>
>>>>>
>>>>> <Call name="addConnector">
>>>>>   <Arg>
>>>>>     <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>>>>       <Arg><Ref id="sslContextFactory" /></Arg>
>>>>>       <Set name="Port">8443</Set>
>>>>>       <Set name="maxIdleTime">45000</Set>
>>>>>       <Set name="AcceptQueueSize">100</Set>
>>>>>       <Set name="Acceptors">2</Set>
>>>>>       <Set name="lowResourcesConnections">11000</Set>
>>>>>       <Set name="lowResourcesMaxIdleTime">1000</Set>
>>>>>     </New>
>>>>>   </Arg>
>>>>> </Call>
>>>>>
>>>>> <Call name="addConnector">
>>>>>   <Arg>
>>>>>     <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
>>>>>       <Set name="host">
>>>>>         <Property name="jetty.host" />
>>>>>       </Set>
>>>>>       <Set name="port">
>>>>>         <Property name="jetty.port" default="8080" />
>>>>>       </Set>
>>>>>       <Set name="maxIdleTime">45000</Set>
>>>>>       <Set name="Acceptors">2</Set>
>>>>>       <Set name="statsOn">false</Set>
>>>>>       <Set name="confidentialPort">8443</Set>
>>>>>       <Set name="lowResourcesConnections">10000</Set>
>>>>>       <Set name="lowResourcesMaxIdleTime">5000</Set>
>>>>>       <Set name="ThreadPool">
>>>>>         <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
>>>>>           <Set name="name">SSL Thread Pool</Set>
>>>>>           <Set name="minThreads">10</Set>
>>>>>           <Set name="maxThreads">400</Set>
>>>>>         </New>
>>>>>       </Set>
>>>>>     </New>
>>>>>   </Arg>
>>>>> </Call>
>>>>>
>>>>>
>>>>> Do you know where in the code to look for these settings?
>>>>> I can try to debug it and see what is going on, I just need some
>>>>> direction to look for.
>>>>>
>>>>>
>>>>> On Wed, Jan 11, 2012 at 11:15, Simone Bordet<[email protected]> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On Wed, Jan 11, 2012 at 10:05, Mario Georgiev<[email protected]> wrote:
>>>>>>>
>>>>>>> Hi Thomas,
>>>>>>>
>>>>>>> The SSL connector is setup as it should and works like a charm. I
>>>>>>> have working SSL environment and I can open pages/access resources on
>>>>>>> https with no problems at all.
>>>>>>> The redirect from http to https that should happen from the
>>>>>>> configuration with this security constraint - that is not working.
>>>>>>>
>>>>>>> I forgot to tell: Jetty version I use is 7.5.4.v20111024
>>>>>>
>>>>>> Did you specify the confidentialPort in the non-SSL connector?
>>>>>> Otherwise Jetty will not know where to redirect to.
>>>>>>
>>>>>> Simon
>>>>>> --
>>>>>> http://cometd.org
>>>>>> http://intalio.com
>>>>>> http://bordet.blogspot.com
>>>>>> ----
>>>>>> Finally, no matter how good the architecture and design are,
>>>>>> to deliver bug-free software with optimal performance and reliability,
>>>>>> the implementation technique must be flawless. Victoria Livschitz
>>>>>> _______________________________________________
>>>>>> jetty-users mailing list
>>>>>> [email protected]
>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>
>>>>>
>>>>>
>>> --
>>> thomas becker
>>> [email protected]
>>>
>>> http://webtide.com / http://intalio.com
>>> (the folks behind jetty and cometd)
>>
>>
>>
>

--
Regards,
Mario Georgiev
Senior Web Developer
Trading 212
www.trading212.com
E-mail: [email protected]
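An added example, not part of the thread and not Jetty code: a small check for the two settings the thread says the HTTP-to-HTTPS redirect depends on, a `confidentialPort` on the non-SSL connector that points at an SSL connector's port, and a `CONFIDENTIAL` transport guarantee in web.xml. The sample XML is constructed from the fragments quoted above, and the function names `setting` and `check_redirect_config` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the fragments quoted in the thread.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
    </New></Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="port"><Property name="jetty.port" default="8080"/></Set>
      <Set name="confidentialPort">8443</Set>
    </New></Arg></Call>
</Configure>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def setting(new_el, name):
    """Value of a direct <Set>, falling back to a nested <Property default=...>."""
    for s in new_el.findall("Set"):
        if s.get("name", "").lower() == name.lower():  # "Port" and "port" both occur
            prop = s.find("Property")
            return (s.text or "").strip() or (prop.get("default") if prop is not None else None)
    return None

def check_redirect_config(jetty_xml, web_xml):
    """Return findings; an empty list means both redirect settings are present."""
    findings = []
    connectors = [n for n in ET.fromstring(jetty_xml).iter("New")
                  if n.get("class", "").endswith("Connector")]
    is_ssl = lambda c: ".ssl." in c.get("class")
    ssl_ports = {setting(c, "port") for c in connectors if is_ssl(c)}
    for c in (c for c in connectors if not is_ssl(c)):
        conf = setting(c, "confidentialPort")
        if conf is None:
            findings.append(f"plain connector on port {setting(c, 'port')} has no confidentialPort")
        elif conf not in ssl_ports:
            findings.append(f"confidentialPort {conf} matches no SSL connector port")
    guarantees = [e.text.strip() for e in ET.fromstring(web_xml).iter()
                  if e.tag.endswith("transport-guarantee") and e.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee")
    return findings

if __name__ == "__main__":
    print(check_redirect_config(JETTY_XML, WEB_XML) or "both redirect settings present")
```

A clean result only means the configuration is complete; it says nothing about whether the running Jetty version carries the fix for the bug linked in the thread.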
