Hi Weinan,

The AWS load balancer sends an X-Forwarded-Proto header to the Jboss server
in the backed, which Jboss is able to use if I add this valve and option to
my jboss-web.xml:
    <valve>
        <class-name>org.apache.catalina.valves.RemoteIpValve</class-name>
        <param>
            <param-name>protocolHeader</param-name>
            <param-value>x-forwarded-proto</param-value>
        </param>
    </valve>
This allows Jboss to handle the original https request, and Resteasy to
proceed with proper authorization. Thanks for the help! The only issue I
see now is that the Bearer token that I get back by using client
credentials and BASIC auth does not expire when I set it to - even if I set
it to 1 minute in the RestEasy settings. It is still allowed after it
should have timed out. Is there another way that I should be setting or
enforcing the token timeout?

Thanks,
James


On Sat, Jan 25, 2014 at 6:07 AM, Weinan Li <l.wei...@gmail.com> wrote:

> Hi James,
>
> Sorry I’m not familiar with AWS load balancer. I know that mod_jk supports
> to pass client SSL information to backend JBoss server and the application
> in JBoss server could use the information to do their work. And mod_jk is
> using standard AJPv13 protocol to forward the client SSL information to
> backend JBoss servers. If AWS load balancer supports AJPv13 protocol, it
> should also be able to pass the SSL information to JBoss.
>
> --
> Weinan Li
>
>
> On Saturday, January 25, 2014 at 6:55 AM, james truty wrote:
>
> > I am trying to use RestEasy in Jboss as a central auth server to
> authenticate REST calls behind an AWS load balancer. Ideally, this load
> balancer would communicate to the Jboss server over HTTP (not https) as the
> SSL part is handled at the load balancer level before hitting the auth
> server in the backend. In this case, the Jboss server has no knowledge of
> the SSL Cert or the HTTPS request. Is it possible to use RestEasy for auth
> in this scenario? Without the SSL connector configured through JBoss, I
> don't have access to the necessary OAUTH urls.
> >
> > Thanks,
> > James
> >
> ------------------------------------------------------------------------------
> > CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> > Learn Why More Businesses Are Choosing CenturyLink Cloud For
> > Critical Workloads, Development Environments & Everything In Between.
> > Get a Quote or Start a Free Trial Today.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> >
> > _______________________________________________
> > Resteasy-users mailing list
> > Resteasy-users@lists.sourceforge.net (mailto:
> Resteasy-users@lists.sourceforge.net)
> > https://lists.sourceforge.net/lists/listinfo/resteasy-users
>
>
>
>
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users

Reply via email to