Jetty 9.2.1 redirect http to https
can someone help migrating the code from jetty 8 to 9.2.1.
I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).
this is th
-
Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:
Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:
Server server = new Server(); // HTTP Configuration HttpConfiguration http_config = new HttpConfiguration(); http_config.addCustomizer(new SecureRequestCustomizer()); //these two settings allow !403 errors to be redirected to https http_config.setSecureScheme("https"); http_config.setSecurePort(443); //setup the secure config using the original http config + SecureRequestCustomizer HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); // SSL Context Factory - tells how to access certificate info SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm()); sslContextFactory.setKeyStorePassword("keystorepassword"); sslContextFactory.setKeyManagerPassword("keymanagerpassword"); //Create a connector on port 80 to listen for HTTP requests (that will get redirected) ServerConnector httpConnector = new ServerConnector(server); httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config)); httpConnector.setPort(80); //Connector on port 443 for HTTPS requests ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory(https_config)); sslConnector.setPort(443); //setup the constraint that causes all http requests to return a !403 error ConstraintSecurityHandler security = new ConstraintSecurityHandler(); Constraint constraint = new Constraint(); constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL); //makes the constraint apply to all uri paths ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec( "/*" ); mapping.setConstraint( constraint ); security.addConstraintMapping(mapping); //in my case I also define a ServletContextHandler for managing SpringMVC beans //that I daisy-chain into the security handler like so: //security.setHandler(servletContextHandler); server.setHandler(security); server.setConnectors(new Connector[] { httpConnector, sslConnector }); server.start(); server.join();讨论(0) -
In jetty 9.3 use SecuredRedirectHandler:
public class Server extends org.eclipse.jetty.server.Server { public Server(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword, ...) { initConnector(httpPort, enableSsl, httpsPort, keystorePath, keystorePassword, keyManagerPassword); ... } private void initConnector(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) { if (enableSsl) { final HttpConfiguration httpConfig = getHttpConfig(httpsPort); final HttpConfiguration httpsConfig = getHttpsConfig(httpConfig); final ServerConnector httpConnector = getHttpConnector(httpConfig, httpPort); final ServerConnector httpsConnector = getHttpsConnector(httpsConfig, httpsPort, keystorePath, keystorePassword, keyManagerPassword); setConnectors(httpConnector, httpsConnector); addHandler(new SecuredRedirectHandler()); } else { final ServerConnector serverConnector = new ServerConnector(this); serverConnector.setPort(httpPort); addConnector(serverConnector); } } private void setConnectors(ServerConnector httpConnector, ServerConnector httpsConnector) { setConnectors(new Connector[]{httpConnector, httpsConnector}); } private ServerConnector getHttpsConnector(HttpConfiguration httpsConfig, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) { final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(keystorePath); sslContextFactory.setKeyStorePassword(keystorePassword); sslContextFactory.setKeyManagerPassword(keyManagerPassword); sslContextFactory.setTrustStorePath(keystorePath); sslContextFactory.setTrustStorePassword(keystorePassword); final ServerConnector httpsConnector = new ServerConnector(this, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); httpsConnector.setPort(httpsPort); return httpsConnector; } private ServerConnector getHttpConnector(HttpConfiguration httpConfig, int httpPort) { final ServerConnector httpConnector = new ServerConnector(this); httpConnector.addConnectionFactory(new HttpConnectionFactory(httpConfig)); httpConnector.setPort(httpPort); return httpConnector; } private HttpConfiguration getHttpsConfig(HttpConfiguration httpConfig) { final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); return httpsConfig; } private HttpConfiguration getHttpConfig(int httpsPort) { final HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.addCustomizer(new SecureRequestCustomizer()); httpConfig.setSecureScheme(HttpScheme.HTTPS.asString()); httpConfig.setSecurePort(httpsPort); return httpConfig; } private void addHandler(Handler handler) { final Handler currentHandler = getHandler(); if (currentHandler == null) { setHandler(handler); } else { if (currentHandler instanceof HandlerList) { ((HandlerList) currentHandler).addHandler(handler); } else { final HandlerList handlerList = new HandlerList(); handlerList.addHandler(currentHandler); handlerList.addHandler(handler); setHandler(handlerList); } } } }讨论(0)
加载中...
- 热议问题