Jetty 9.2.1 redirect http to https

前端 未结 2 1413
眼角桃花
眼角桃花 2021-02-06 16:29

can someone help migrating the code from jetty 8 to 9.2.1.

I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).

this is th

相关标签:
2条回答
  • 2021-02-06 16:53

    Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:

    Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:

    Server server = new Server();
    
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.addCustomizer(new SecureRequestCustomizer());
    
    //these two settings allow !403 errors to be redirected to https
    http_config.setSecureScheme("https");
    http_config.setSecurePort(443);
    
    //setup the secure config using the original http config + SecureRequestCustomizer
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    
    // SSL Context Factory - tells how to access certificate info
    SslContextFactory sslContextFactory = new SslContextFactory();
     sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
    sslContextFactory.setKeyStorePassword("keystorepassword");
    sslContextFactory.setKeyManagerPassword("keymanagerpassword");
    
    //Create a connector on port 80 to listen for HTTP requests (that will get redirected)
    ServerConnector httpConnector = new ServerConnector(server);
    httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
    httpConnector.setPort(80);
    
    //Connector on port 443 for HTTPS requests
    ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
            new HttpConnectionFactory(https_config));
    sslConnector.setPort(443);
    
    //setup the constraint that causes all http requests to return a !403 error
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();        
    
    Constraint constraint = new Constraint();
    constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
    
    //makes the constraint apply to all uri paths        
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec( "/*" );
    mapping.setConstraint( constraint );
    
    security.addConstraintMapping(mapping);
    
    //in my case I also define a ServletContextHandler for managing SpringMVC beans
    //that I daisy-chain into the security handler like so:
    //security.setHandler(servletContextHandler);
    
    server.setHandler(security);
    server.setConnectors(new Connector[] { httpConnector, sslConnector });
    
    server.start();
    server.join();
    
    0 讨论(0)
  • 2021-02-06 16:54

    In jetty 9.3 use SecuredRedirectHandler:

    public class Server extends org.eclipse.jetty.server.Server {
    
        public Server(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword, ...) {
            initConnector(httpPort, enableSsl, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
            ...
        }
    
        private void initConnector(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
            if (enableSsl) {
                final HttpConfiguration httpConfig = getHttpConfig(httpsPort);
                final HttpConfiguration httpsConfig = getHttpsConfig(httpConfig);
                final ServerConnector httpConnector = getHttpConnector(httpConfig, httpPort);
                final ServerConnector httpsConnector = getHttpsConnector(httpsConfig, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
    
                setConnectors(httpConnector, httpsConnector);
                addHandler(new SecuredRedirectHandler());
            } else {
                final ServerConnector serverConnector = new ServerConnector(this);
    
                serverConnector.setPort(httpPort);
    
                addConnector(serverConnector);
            }
        }
    
        private void setConnectors(ServerConnector httpConnector, ServerConnector httpsConnector) {
            setConnectors(new Connector[]{httpConnector, httpsConnector});
        }
    
        private ServerConnector getHttpsConnector(HttpConfiguration httpsConfig, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
            final SslContextFactory sslContextFactory = new SslContextFactory();
    
            sslContextFactory.setKeyStorePath(keystorePath);
            sslContextFactory.setKeyStorePassword(keystorePassword);
            sslContextFactory.setKeyManagerPassword(keyManagerPassword);
            sslContextFactory.setTrustStorePath(keystorePath);
            sslContextFactory.setTrustStorePassword(keystorePassword);
    
            final ServerConnector httpsConnector = new ServerConnector(this,
                    new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                    new HttpConnectionFactory(httpsConfig));
    
            httpsConnector.setPort(httpsPort);
    
            return httpsConnector;
        }
    
        private ServerConnector getHttpConnector(HttpConfiguration httpConfig, int httpPort) {
            final ServerConnector httpConnector = new ServerConnector(this);
    
            httpConnector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
            httpConnector.setPort(httpPort);
    
            return httpConnector;
        }
    
        private HttpConfiguration getHttpsConfig(HttpConfiguration httpConfig) {
            final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
    
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
    
            return httpsConfig;
        }
    
        private HttpConfiguration getHttpConfig(int httpsPort) {
            final HttpConfiguration httpConfig = new HttpConfiguration();
    
            httpConfig.addCustomizer(new SecureRequestCustomizer());
            httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
            httpConfig.setSecurePort(httpsPort);
    
            return httpConfig;
        }
    
        private void addHandler(Handler handler) {
            final Handler currentHandler = getHandler();
            if (currentHandler == null) {
                setHandler(handler);
            } else {
                if (currentHandler instanceof HandlerList) {
                    ((HandlerList) currentHandler).addHandler(handler);
                } else {
                    final HandlerList handlerList = new HandlerList();
    
                    handlerList.addHandler(currentHandler);
                    handlerList.addHandler(handler);
    
                    setHandler(handlerList);
                }
            }
        }
    }
    
    0 讨论(0)
提交回复
热议问题