Jetty 9.2.1 redirect http to https

前端 未结 2 1414
眼角桃花
眼角桃花 2021-02-06 16:29

can someone help migrating the code from jetty 8 to 9.2.1.

I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).

this is th

2条回答
  •  逝去的感伤
    2021-02-06 16:53

    Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:

    Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:

    Server server = new Server();
    
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.addCustomizer(new SecureRequestCustomizer());
    
    //these two settings allow !403 errors to be redirected to https
    http_config.setSecureScheme("https");
    http_config.setSecurePort(443);
    
    //setup the secure config using the original http config + SecureRequestCustomizer
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    
    // SSL Context Factory - tells how to access certificate info
    SslContextFactory sslContextFactory = new SslContextFactory();
     sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
    sslContextFactory.setKeyStorePassword("keystorepassword");
    sslContextFactory.setKeyManagerPassword("keymanagerpassword");
    
    //Create a connector on port 80 to listen for HTTP requests (that will get redirected)
    ServerConnector httpConnector = new ServerConnector(server);
    httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
    httpConnector.setPort(80);
    
    //Connector on port 443 for HTTPS requests
    ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
            new HttpConnectionFactory(https_config));
    sslConnector.setPort(443);
    
    //setup the constraint that causes all http requests to return a !403 error
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();        
    
    Constraint constraint = new Constraint();
    constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
    
    //makes the constraint apply to all uri paths        
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec( "/*" );
    mapping.setConstraint( constraint );
    
    security.addConstraintMapping(mapping);
    
    //in my case I also define a ServletContextHandler for managing SpringMVC beans
    //that I daisy-chain into the security handler like so:
    //security.setHandler(servletContextHandler);
    
    server.setHandler(security);
    server.setConnectors(new Connector[] { httpConnector, sslConnector });
    
    server.start();
    server.join();
    

提交回复
热议问题