Yup, I think that's it. I looked at the HttpConfiguration and the default for secureScheme seemed to be https / 443, but somewhere between Jetty startup and Spring Boot having its tendrils everywhere, by runtime that is no longer the case. Setting it back to the default https / 443 seems to do the trick.
Thanks Joakim!

On Mon, May 3, 2021 at 11:02 AM Joakim Erdfelt <[email protected]> wrote:

> What is the configuration of your ServerConnectors, and the
> HttpConfiguration + SecureRequestCustomizer settings on those connectors?
>
> Chances are you just haven't set that up properly for your environment.
>
> The HttpConfiguration needs to be set up properly to point to the external
> TLS layer.
> Optionally, the SecureRequestCustomizer needs to be present and possibly
> configured to use the Forwarding header that your TLS layer could be adding
> to the request.
>
> Joakim Erdfelt / [email protected]
>
> On Mon, May 3, 2021 at 12:30 PM Steven Schlansker <[email protected]> wrote:
>
>> Hi again jetty-users,
>>
>> I'm still stuck on this problem. Has anyone done something similar, or
>> have a resource to suggest I could dig deeper to answer my own question?
>> I'm so close to having the authentication flow work, this is the last
>> non-working bit...
>>
>> Thanks,
>> Steven
>>
>> On Mon, Apr 26, 2021 at 2:48 PM Steven Schlansker <[email protected]> wrote:
>>
>>> Hi jetty-users, happy Monday :)
>>> I am trying to configure FormAuthenticator in Jetty 9.4.40 on a server
>>> that serves HTTP terminated behind an external load balancer handling the
>>> TLS termination.
>>>
>>> Everything works fine in testing, but when it is behind the external TLS
>>> termination, Jetty serves up 303 See Other responses to e.g. the login page
>>> with an absolute http url, which redirects the user away from the secure
>>> site. The FormAuthenticator seems to allow me to customize the path to the
>>> form and error page, but not the scheme.
>>>
>>> I tried attaching ForwardedRequestCustomizer to see if parsing the
>>> forwarding headers would help, but it did not seem to change anything.
>>>
>>> I tried using FormAuthenticator dispatch mode instead of redirect, but
>>> that caused all server responses to 404 for reasons I didn't really
>>> understand, so I gave up on that pretty quick.
>>>
>>> What's the right way to configure FormAuthenticator or its connector in
>>> embedded jetty to preserve the https nature of the site, even when Jetty
>>> doesn't do TLS termination? I can't help but feel this should be answered
>>> on Google but I must be searching for the wrong thing...
>>>
>>> I've attached my handler setup below in case that helps.
>>> Thanks for any advice,
>>> Steven
>>>
>>>     final var securityHandler = new ConstraintSecurityHandler();
>>>     securityHandler.setLoginService(loginService);
>>>     securityHandler.addRole("ws");
>>>
>>>     final var constraintMapping = new ConstraintMapping();
>>>     final var constraint = new Constraint(Constraint.__FORM_AUTH, "ws");
>>>     constraint.setAuthenticate(true);
>>>     constraintMapping.setConstraint(constraint);
>>>     constraintMapping.setPathSpec("/*");
>>>
>>>     securityHandler.addConstraintMapping(constraintMapping);
>>>
>>>     final var noAuth = new Constraint();
>>>     noAuth.setName(Constraint.NONE);
>>>     final String loginPath = "/login";
>>>     final String loginErrPath = loginPath + "/error";
>>>     for (final var exclude : new String[] { "/favicon.ico",
>>>             "/health", "/health/*", loginPath, loginErrPath }) {
>>>         final var noAuthMapping = new ConstraintMapping();
>>>         noAuthMapping.setConstraint(noAuth);
>>>         noAuthMapping.setPathSpec(exclude);
>>>         securityHandler.addConstraintMapping(noAuthMapping);
>>>     }
>>>     securityHandler.setHandler(servletContextHandler);
>>>
>>>     securityHandler.setAuthenticator(new FormAuthenticator(loginPath, loginErrPath, false));
>>>
>>>     final var sessionHandler = new SessionHandler();
>>>     sessionHandler.setHandler(securityHandler);
>>>     sessionHandler.setMaxInactiveInterval((int) Duration.ofDays(7).toSeconds());
>>>
>>>     final var sessionSchema = new SessionTableSchema();
>>>     sessionSchema.setTableName("JettySessions_" + serviceName);
>>>
>>>     final var dbAdapt = new DatabaseAdaptor();
>>>     dbAdapt.setDatasource(ds);
>>>
>>>     final var dataStoreFactory = new JDBCSessionDataStoreFactory();
>>>     dataStoreFactory.setGracePeriodSec((int) Duration.ofDays(7).toSeconds());
>>>     dataStoreFactory.setSessionTableSchema(sessionSchema);
>>>     dataStoreFactory.setDatabaseAdaptor(dbAdapt);
>>>     server.addBean(dataStoreFactory);
>>>
>>>     final var sessionIdMgr = new DefaultSessionIdManager(server);
>>>     sessionIdMgr.setWorkerName(GraphiteTags.pod());
>>>     server.setSessionIdManager(sessionIdMgr);
>>>
>>>     return sessionHandler;
_______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
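
The connector setup discussed in this thread, as an added example that is not code from any of the posters or from the Jetty project: a plain-HTTP Jetty 9.4 connector with secureScheme / securePort pinned to https / 443 and ForwardedRequestCustomizer attached, plus a diagnostic handler that reports what the request looks like at runtime. The class name, method name and port 8080 are assumptions, as is a load balancer that sends a forwarding header such as X-Forwarded-Proto.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;

public final class TlsOffloadConnectorExample {   // hypothetical class name

    // Plain-HTTP connector for a server whose TLS is terminated upstream.
    static ServerConnector connectorBehindTlsProxy(Server server, int listenPort) {
        HttpConfiguration httpConfig = new HttpConfiguration();
        // Pin these explicitly rather than trusting defaults that other
        // framework code may have changed by the time the server runs.
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(443);
        // Applies the proxy's forwarding headers to the request. Use it only
        // when the connector is reachable solely through the proxy: a client
        // that can reach Jetty directly can set these headers itself.
        httpConfig.addCustomizer(new ForwardedRequestCustomizer());

        ServerConnector connector =
                new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        connector.setPort(listenPort);
        return connector;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        server.addConnector(connectorBehindTlsProxy(server, 8080)); // assumed port
        // Diagnostic handler: shows the scheme Jetty sees for this request and
        // the secureScheme/securePort actually in effect on the connector.
        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest, HttpServletRequest request,
                               HttpServletResponse response) throws IOException {
                HttpConfiguration cfg = baseRequest.getHttpChannel().getHttpConfiguration();
                response.setContentType("text/plain");
                response.getWriter().printf("scheme=%s secure=%b secureScheme=%s securePort=%d%n",
                        request.getScheme(), request.isSecure(),
                        cfg.getSecureScheme(), cfg.getSecurePort());
                baseRequest.setHandled(true);
            }
        });
        server.start();
        server.join();
    }
}
```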
