Yes, Jetty 4, from the dim and distant past. I saw stuff on the web about the security-constraint, but, as it happens, there is no web.xml in my installation, unless it's buried in one of the Jetty jar files. Here are all of the web.xml files I have in web_app_home_folder]\utils\web\jetty\etc:
admin.xml demo.xml demoSSO.xml j2me.xml jetty.xml proxy.xml stresstest.xml watchdog.xml webdefault.xml So maybe I should just create a web.xml in that folder and add the security-constraint to it? On Jun 27, 2013, at 2:16 PM, Thomas Becker <[email protected]> wrote: Add a security-constraint to your application's web.xml. That should even work with jetty 4 (Jesus!). Google for the details. Am 27.06.2013 21:13 schrieb "Catatonic" <[email protected]>: > > Unfortunately, upgrading to a newer version of Jetty is not an option for > this deployment. Not at this time. > > I still believe that this sort of configuration is possible with Jetty 4, but > I just can't figure it out. > > > On Jun 27, 2013, at 1:34 PM, Joakim Erdfelt <[email protected]> wrote: > > I'm confused, did you upgrade to Jetty 7, 8 or 9? > Or are you still on Jetty 4? (a codebase that was retired in 2006) > > It will be tough finding anyone with experience in Jetty 4. > We don't even have access to the source code or old binaries of Jetty 4 > anymore. > > > -- > Joakim Erdfelt <[email protected]> > webtide.com > Developer advice, services and support > from the Jetty & CometD experts > eclipse.org/jetty - cometd.org > > > On Thu, Jun 27, 2013 at 11:30 AM, Catatonic <[email protected]> wrote: >> >> I have a webapp built with a framework (Jacada) that uses Jetty 4 (yes, it’s >> old) as the web server. It runs on Windows Server 2003. >> >> I have successfully enabled SSL support by setting up an SSL listener. >> However, I have run into a security issue. A tester, after reaching the site >> via the secure URL, changed the URL from https to http and was able to >> continue working. That is, my configuration is allowing non-secured traffic >> to travel over the SSL port. >> >> I would like to force my SSL listener to only allow secured traffic. Here’s >> what I’ve tried: >> >> I added the following to [web_app_home_folder]\utils\web\jetty\etc\jetty.xml: >> >> <Call name="addHandler"> >> <Arg><New class="org.mortbay.http.handler.HTAccessHandler"> >> <Set name="AccessFile">.htaccess</Set> >> </New></Arg> >> </Call> >> >> In [web_app_home_folder], I created a file named .htaccess that contains the >> following: >> >> RewriteEngine On >> RewriteCond %{HTTPS} !=on >> RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] >> >> That did not have any effect. At this point I do not know if my changes to >> jetty.xml and my .htaccess file are even being detected. >> >> Any ideas on what I might have missed? Is there a better way to get the >> behavior I want? >> >> Thanks. >> >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
