user2505009 user2505009 - 1 year ago 139
HTTP Question

Jetty 9.2.1 redirect http to https

can someone help migrating the code from jetty 8 to 9.2.1.

I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).

this is the code for jetty 8, but it doesn’t work on 9.2.1. Version 9 uses ServerConnector but I cant find examples on how to use the setConfidentialPort property.

Server server = new Server();

//Create a connector on port 80 to listen for HTTP requests
SelectChannelConnector httpConnector = new SelectChannelConnector();
httpConnector.setPort(80);
server.addConnector(httpConnector);

//Create a connector on port 443 to listen for HTTPS requests
SslSocketConnector httpsConnector = new SslSocketConnector();
httpsConnector.setPort(443);
httpsConnector.setKeystore("name_of_the_keystore");
httpsConnector.setPassword("password_for_the_keystore");
httpsConnector.setKeyPassword("password_for_the_key");
server.addConnector(httpsConnector);

//Redirect the HTTP requests to HTTPS port
httpConnector.setConfidentialPort(443);

Answer Source

Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:

Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:

Server server = new Server();

// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.addCustomizer(new SecureRequestCustomizer());

//these two settings allow !403 errors to be redirected to https
http_config.setSecureScheme("https");
http_config.setSecurePort(443);

//setup the secure config using the original http config + SecureRequestCustomizer
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());

// SSL Context Factory - tells how to access certificate info
SslContextFactory sslContextFactory = new SslContextFactory();
 sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("keystorepassword");
sslContextFactory.setKeyManagerPassword("keymanagerpassword");

//Create a connector on port 80 to listen for HTTP requests (that will get redirected)
ServerConnector httpConnector = new ServerConnector(server);
httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
httpConnector.setPort(80);

//Connector on port 443 for HTTPS requests
ServerConnector sslConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
        new HttpConnectionFactory(https_config));
sslConnector.setPort(443);

//setup the constraint that causes all http requests to return a !403 error
ConstraintSecurityHandler security = new ConstraintSecurityHandler();        

Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);

//makes the constraint apply to all uri paths        
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );

security.addConstraintMapping(mapping);

//in my case I also define a ServletContextHandler for managing SpringMVC beans
//that I daisy-chain into the security handler like so:
//security.setHandler(servletContextHandler);

server.setHandler(security);
server.setConnectors(new Connector[] { httpConnector, sslConnector });

server.start();
server.join();
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download