Add a security-constraint to your application's web.xml. That should even work with jetty 4 (Jesus!). Google for the details.
Am 27.06.2013 21:13 schrieb "Catatonic" <[email protected]>: > > Unfortunately, upgrading to a newer version of Jetty is not an option for this deployment. Not at this time. > > I still believe that this sort of configuration is possible with Jetty 4, but I just can't figure it out. > > > On Jun 27, 2013, at 1:34 PM, Joakim Erdfelt <[email protected]> wrote: > > I'm confused, did you upgrade to Jetty 7, 8 or 9? > Or are you still on Jetty 4? (a codebase that was retired in 2006) > > It will be tough finding anyone with experience in Jetty 4. > We don't even have access to the source code or old binaries of Jetty 4 anymore. > > > -- > Joakim Erdfelt <[email protected]> > webtide.com > Developer advice, services and support > from the Jetty & CometD experts > eclipse.org/jetty - cometd.org > > > On Thu, Jun 27, 2013 at 11:30 AM, Catatonic <[email protected]> wrote: >> >> I have a webapp built with a framework (Jacada) that uses Jetty 4 (yes, it’s old) as the web server. It runs on Windows Server 2003. >> >> I have successfully enabled SSL support by setting up an SSL listener. However, I have run into a security issue. A tester, after reaching the site via the secure URL, changed the URL from https to http and was able to continue working. That is, my configuration is allowing non-secured traffic to travel over the SSL port. >> >> I would like to force my SSL listener to only allow secured traffic. Here’s what I’ve tried: >> >> I added the following to [web_app_home_folder]\utils\web\jetty\etc\jetty.xml: >> >> <Call name="addHandler"> >> <Arg><New class="org.mortbay.http.handler.HTAccessHandler"> >> <Set name="AccessFile">.htaccess</Set> >> </New></Arg> >> </Call> >> >> In [web_app_home_folder], I created a file named .htaccess that contains the following: >> >> RewriteEngine On >> RewriteCond %{HTTPS} !=on >> RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] >> >> That did not have any effect. At this point I do not know if my changes to jetty.xml and my .htaccess file are even being detected. >> >> Any ideas on what I might have missed? Is there a better way to get the behavior I want? >> >> Thanks. >> >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
