weblogic
reference from:http://middlewaremagic.com/weblogic/?p=2019
Many times we want to secure our WebApplication Resources in such a way that if any Client is trying to access any Resource available as part of our Application using HTTP protocol then It should be automatically be redirected to WebLogic’s Secure port and the protocol should be changed automatically from HTTP to HTTPS.
Example: If a Client is accessing any Page like:
http://localhost:7001/MySecureApp/index.jsp (Where 7001 is HTTP Listen Post of Server)
We want that Client’s request should be automatically change to :
https://localhost:7002/MySecureApp/index.jsp (Where 7002 is HTTPS Secure Post of Server).
Here is a Simple Demonstration to achieve this.
Step1).Create a Directory somewhere in your File System.
Example: “C:\MySecureApp”
Step2). Provide the following “index.jsp” page inside “C:\MySecureApp”
2 |
< head >< title >You are going to redirect to HTTPS port automatically</ title >< head >
|
3 |
< body bgcolor = maroon text = white >
|
4 |
< center >< h1 >This is Index.jsp Page....</ h1 ></ center >
|
Step3). Create a “WEB-INF” directory inside “C:\MySecureApp” and then provide the following “web.xml” file inside it…as following:
04 |
< web-resource-collection >
|
05 |
< web-resource-name >SessionTest</ web-resource-name >
|
06 |
< url-pattern >/*</ url-pattern >
|
07 |
</ web-resource-collection >
|
08 |
< user-data-constraint >
|
09 |
< transport-guarantee >CONFIDENTIAL</ transport-guarantee >
|
10 |
</ user-data-constraint >
|
11 |
</ security-constraint >
|
Step4). Deploy the Application “MySecureApp” on WebLogic Server…and then Hit the index.jsp Page using HTTP protocol:
http://localhost:7001/MySecureApp/index,jsp
you will see that the URL automatically changes to https://localhost:7002/MySecureApp/index.jsp
UPDATE:
If you need any one JSP page which should not go be redirect in HTTPS then you can do edit “web.xml” in the following way
01 |
< pre >< code ><!DOCTYPE web-app PUBLIC < span style = "color: red;" >"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"</ span > < span style = "color: red;" >"http://java.sun.com/dtd/web-app_2_3.dtd"</ span >>
|
05 |
< web-resource-collection >
|
06 |
< web-resource-name >SecureResource</ web-resource-name >
|
07 |
< url-pattern >/*</ url-pattern >
|
08 |
</ web-resource-collection >
|
09 |
< user-data-constraint >
|
10 |
< transport-guarantee >CONFIDENTIAL</ transport-guarantee >
|
11 |
</ user-data-constraint >
|
12 |
</ security-constraint >
|
15 |
< web-resource-collection >
|
16 |
< web-resource-name >Non-SecureResource</ web-resource-name >
|
17 |
< url-pattern >/test.jsp</ url-pattern >
|
18 |
</ web-resource-collection >
|
19 |
< user-data-constraint >
|
20 |
< transport-guarantee >NONE</ transport-guarantee >
|
21 |
</ user-data-constraint >
|
22 |
</ security-constraint >
|
The same solution had worked for a users in Oracle forum – http to https redirect use HttpClusterServlet
JBoss AS7
reference from:http://middlewaremagic.com/jboss/?p=992
In this demonstration we will see how to create a simple keystore and based on this how to configure the HTTPs connector in JBoss AS7. Also in many production environments it is desired to redirect clients incoming HTTP requests to HTTPs automatically.
So here we will see how can be use the redirect port configuration in the http connector and what kind of information we need to provide inside the “web.xml” file of our web application where we want automatic HTTPs redirection feature to make all the client conversation with the server CONFIDENTIAL.
SSL Configuration on JBoss AS7
Step1). Create a simple SSL certificate keystore. We can use the “keytool” utility which comes by default with the JDK and present inside the “$JAVA_HOME/bin” directory. So before running the below command make sure that you have set the PATH to point to your JDK bin directory.
2 |
export PATH=/home/userone/jdk1. 6 .0_21/bin:$PATH
|
5 |
set PATH=C:/jdk1. 6 .0_21/bin;%PATH%
|
Step2). Run the following command to create a sample key store file with name “chap8.keystore”
1 |
keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl |
2 |
-keyalg RSA -alias chapter8 -validity 3650
|
3 |
-dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"
|
Step3). Now paste the generated “chap8.keystore” inside the “/home/userone/jboss-as-7.1.0.Beta1/standalone/configuration” directory and then edit the “standalone-full.xml” file present in the same directory. We will need to edit the “urn:jboss:domain:web:1.1″ subsystem as following:
01 |
< subsystem xmlns = "urn:jboss:domain:web:1.1" default-virtual-server = "default-host" >
|
02 |
< connector name = "http" protocol = "HTTP/1.1" scheme = "http" socket-binding = "http" redirect-port = "8443" />
|
04 |
< connector name = "https" protocol = "HTTP/1.1" scheme = "https" socket-binding = "https" enable-lookups = "false" secure = "true" >
|
08 |
certificate-key-file = "../standalone/configuration/chap8.keystore"
|
10 |
verify-client = "false" />
|
12 |
< virtual-server name = "default-host" enable-welcome-root = "true" >
|
13 |
< alias name = "localhost" />
|
14 |
< alias name = "example.com" />
|
NOTE: We added the redirect-port=”8443″ inside the http connector as well as we added the “https” connector settings with the ssl informations.
Step4). Now restart the JBoss AS7 server from inside “/home/userone/jboss-as-7.1.0.Beta1//bin” directory as following:
1 |
[userone @localhost bin]$./standalone.sh -c standalone-full.xml
|
Writing Test WebApplication
Step5). For simple testing we will write a web application. So create a directory somewhere in your file system with name “/home/userone/SelfSigned_SSL_Demo” and then create another directory “src” inside “/home/userone/SelfSigned_SSL_Demo”.
Step6). place the following kind of simple “index.jsp” file inside “/home/userone/SelfSigned_SSL_Demo/src” directory:
03 |
< title >SSL Demo</ title >
|
05 |
< body bgcolor = maroon text = white >
|
06 |
< BR >< BR >< BR >< BR >< BR >< BR >
|
08 |
< b >index.jsp executed successfully over HTTPS.</ b >
|
Step7). Now we will write a “web.xml” file inside the “/home/userone/SelfSigned_SSL_Demo/src” directory, and in this file we will define the user-data-constraint as CONFIDENTIAL sothat clients request matching the url-pattern defined will be automatically be redirected to the redirect-port defined inside the “standalone-full.xml” file.
01 |
<? xml version = "1.0" encoding = "UTF-8" ?>
|
02 |
< web-app version = "2.5"
|
07 |
< web-resource-collection >
|
08 |
< web-resource-name >HTTPs Test</ web-resource-name >
|
09 |
< url-pattern >/*</ url-pattern >
|
10 |
</ web-resource-collection >
|
11 |
< user-data-constraint >
|
12 |
< transport-guarantee >CONFIDENTIAL</ transport-guarantee >
|
13 |
</ user-data-constraint >
|
14 |
</ security-constraint >
|
Step8). To simply build and deploy the above web application we will write the following kind of “build.xml” file inside “/home/userone/SelfSigned_SSL_Demo” directory.
01 |
<project name= "JBoss_Service" default = "post-deploy" >
|
02 |
<property name= "jboss.home" value= "/home/userone/jboss-as-7.1.0.Beta1" />
|
03 |
<property name= "jboss.module.dir" value= "${jboss.home}/modules" />
|
04 |
<property name= "java.home.dir" value= "/home/userone/MyJdks/jdk1.6.0_05" />
|
05 |
<property name= "basedir" value= "." />
|
06 |
<property name= "war.exploaded.name" value= "SelfSigned_HttpsTest" />
|
07 |
<property name= "src.dir" value= "src" />
|
08 |
<property name= "output.dir" value= "build" />
|
10 |
<path id= "jboss.classpath" >
|
11 |
<fileset dir= "${jboss.module.dir}" >
|
12 |
<include name= "**/*.jar" />
|
17 |
<delete dir= "${output.dir}" />
|
18 |
<mkdir dir= "${output.dir}" />
|
19 |
<mkdir dir= "${output.dir}/${war.exploaded.name}" />
|
20 |
<mkdir dir= "${output.dir}/${war.exploaded.name}/WEB-INF" />
|
23 |
<target name= "build" depends= "init" >
|
24 |
<copy todir= "${output.dir}/${war.exploaded.name}/WEB-INF" >
|
25 |
<fileset dir= "${basedir}/src" >
|
26 |
<include name= "web.xml" />
|
29 |
<copy todir= "${output.dir}/${war.exploaded.name}" >
|
30 |
<fileset dir= "${basedir}/src" >
|
31 |
<include name= "index.jsp" />
|
34 |
<jar jarfile= "${output.dir}/${war.exploaded.name}.war" basedir= "${output.dir}/${war.exploaded.name}" compress= "true" />
|
37 |
<target name= "deploy" depends= "build" >
|
38 |
<echo message= "******************* Deploying *********************" />
|
39 |
<echo message= "********** ${war.exploaded.name}.war to ${jboss.home}/standalone/deployments **********" />
|
40 |
<copy todir= "${jboss.home}/standalone/deployments/" >
|
41 |
<fileset dir= "${output.dir}/" >
|
42 |
<include name= "${war.exploaded.name}.war" />
|
45 |
<echo message= "******************* Deployed Successfully *********************" />
|
48 |
<target name= "post-deploy" depends= "deploy" >
|
49 |
<echo message= "******************* NOTE *********************" />
|
50 |
<echo message= "***** You should be able to access your WSDL using Browser now *****" />
|
52 |
<echo message= "You will notice that your URL is automactically changing to https" />
|
Step9). Now before running your ANT script to build and deploy the above webapplication you should have the ANT as well as JAVA set in the $PATH variable of the Shell / command prompt as following:
2 |
export PATH=/home/userone/jdk1. 6 .0_21/bin:/home/userone/org.apache.ant_1. 6.5 /bin:$PATH
|
5 |
set PATH=C:/jdk1. 6 .0_21/bin;C:/org.apache.ant_1. 6.5 /bin;%PATH%
|
Step10). run the ant script “ant” to build and deploy the application on JBoss AS7.
01 |
[userone @localhost SelfSigned_SSL_Demo]$ ant
|
05 |
[delete] Deleting directory /home/userone/SelfSigned_SSL_Demo/build
|
06 |
[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build
|
07 |
[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest
|
08 |
[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest/WEB-INF
|
11 |
[copy] Copying 1 file to /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest/WEB-INF
|
12 |
[copy] Copying 1 file to /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest
|
13 |
[jar] Building jar: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest.war
|
16 |
[echo] ******************* Deploying *********************
|
17 |
[echo] ********** SelfSigned_HttpsTest.war to /home/userone/jboss-as- 7.1 . 0 .Beta1/standalone/deployments **********
|
18 |
[copy] Copying 1 file to /home/userone/jboss-as- 7.1 . 0 .Beta1/standalone/deployments
|
19 |
[echo] ******************* Deployed Successfully *********************
|
22 |
[echo] ******************* NOTE *********************
|
23 |
[echo] ***** You should be able to access your WSDL using Browser now *****
|
24 |
[echo] http: //localhost:8080/SelfSigned_HttpsTest/index.jsp
|
25 |
[echo] You will notice that your URL is automactically changing to https
|
26 |
[echo] https: //localhost:8443/SelfSigned_HttpsTest/index.jsp
|
NOTE: Access the application with URL “http://localhost:8080/SelfSigned_HttpsTest/index.jsp” and you will notice that your URL is automatically chaged to ” https://localhost:8443/SelfSigned_HttpsTest/index.jsp”
- See more at: http://middlewaremagic.com/jboss/?p=992#sthash.MEtBfNxs.dpuf
tomcat-7
reference from :http://tkurek.blogspot.in/2013/07/tomcat-7-http-to-https-redirect.html
Tomcat 7 HTTP to HTTPS redirect
Intro
The following article shows how to easily redirect HTTP to HTTP in Tomcat 7 servlet container that it always requires secure connection. It was assumed that the following TCP ports are used for that purpose:
- 8080: for HTTP
- 8443: for HTTPS
Please, follow the exact steps as described below to get it done.
Configuration
1) Update server.xml configuration file in Tomcat home directory and change the following part of its configuration:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
to what's shown below:
<Connector port="8080" enableLookups="false"
redirectPort="8443" />
2) Update web.xml configuration file in Tomcat home directory and add the following content into the end before the closing </web-app> markup:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
3) Restart Tomcat servlet container.
You're done! The Tomcat always requires secure connection now.