http to https automatic--weblogic/jboss/tomcat--reference

weblogic

reference from:http://middlewaremagic.com/weblogic/?p=2019

Many times we want to secure our WebApplication Resources in such a way that if any Client is trying to access any Resource available as part of our Application using HTTP protocol then It should be automatically be redirected to WebLogic’s Secure port and the protocol should be changed automatically from HTTP to HTTPS.

Example: If a Client is accessing any Page like:
http://localhost:7001/MySecureApp/index.jsp (Where 7001 is HTTP Listen Post of Server)
We want that Client’s request should be automatically change to :
https://localhost:7002/MySecureApp/index.jsp (Where 7002 is HTTPS Secure Post of Server).

Here is a Simple Demonstration to achieve this.

Step1).Create a Directory somewhere in your File System.
Example: “C:\MySecureApp”

Step2). Provide the following “index.jsp” page inside “C:\MySecureApp”

1

<html>

2	<head><title>You are going to redirect to HTTPS port automatically</title><head>

3	<body bgcolor=maroon text=white>

4	<center><h1>This is Index.jsp Page....</h1></center>

5

</body>

6

</html>

Step3). Create a “WEB-INF” directory inside “C:\MySecureApp” and then provide the following “web.xml” file inside it…as following:

01	<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

02

<web-app>

03	<security-constraint>

04	<web-resource-collection>

05	<web-resource-name>SessionTest</web-resource-name>

06	<url-pattern>/*</url-pattern>

07	</web-resource-collection>

08	<user-data-constraint>

09	<transport-guarantee>CONFIDENTIAL</transport-guarantee>

10	</user-data-constraint>

11	</security-constraint>

12	</web-app>

Step4). Deploy the Application “MySecureApp” on WebLogic Server…and then Hit the index.jsp Page using HTTP protocol:

http://localhost:7001/MySecureApp/index,jsp

you will see that the URL automatically changes to  https://localhost:7002/MySecureApp/index.jsp

UPDATE:

If you need any one JSP page which should not go be redirect in HTTPS then you can do edit “web.xml” in the following way

01	<pre><code><!DOCTYPE web-app PUBLIC <span style="color: red;">"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"</span> <span style="color: red;">"http://java.sun.com/dtd/web-app_2_3.dtd"</span>>

02

<web-app>

03

04	<security-constraint>

05	<web-resource-collection>

06	<web-resource-name>SecureResource</web-resource-name>

07	<url-pattern>/*</url-pattern>

08	</web-resource-collection>

09	<user-data-constraint>

10	<transport-guarantee>CONFIDENTIAL</transport-guarantee>

11	</user-data-constraint>

12	</security-constraint>

13

14	<security-constraint>

15	<web-resource-collection>

16	<web-resource-name>Non-SecureResource</web-resource-name>

17	<url-pattern>/test.jsp</url-pattern>

18	</web-resource-collection>

19	<user-data-constraint>

20	<transport-guarantee>NONE</transport-guarantee>

21	</user-data-constraint>

22	</security-constraint>

23

24	</web-app>

25	</span></code></pre>

The same solution had worked for a users in Oracle forum – http to https redirect use HttpClusterServlet

JBoss AS7

reference from:http://middlewaremagic.com/jboss/?p=992

In this demonstration we will see how to create a simple keystore and based on this how to configure the HTTPs connector in JBoss AS7. Also in many production environments it is desired to redirect clients incoming HTTP requests to HTTPs automatically.

So here we will see how can be use the redirect port configuration in the http connector and what kind of information we need to provide inside the “web.xml” file of our web application where we want automatic HTTPs redirection feature to make all the client conversation with the server CONFIDENTIAL.

SSL Configuration on JBoss AS7

Step1). Create a simple SSL certificate keystore. We can use the “keytool” utility which comes by default with the JDK and present inside the “$JAVA_HOME/bin” directory. So before running the below command make sure that you have set the PATH to point to your JDK bin directory.

1	For Unix Based OS:

2	export PATH=/home/userone/jdk1.6.0_21/bin:$PATH

3

4	For Windows Based OS:

5	set PATH=C:/jdk1.6.0_21/bin;%PATH%

Step2). Run the following command to create a sample key store file with name “chap8.keystore”

1	keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl

2	-keyalg RSA -alias chapter8  -validity 3650

3	-dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"

Step3). Now paste the generated “chap8.keystore” inside the “/home/userone/jboss-as-7.1.0.Beta1/standalone/configuration” directory and then edit the “standalone-full.xml” file present in the same directory. We will need to edit the “urn:jboss:domain:web:1.1″ subsystem as following:

01	<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">

02	<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>

03

04	<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">

05	<ssl name="ssl"

06	key-alias="chapter8"

07	password="rmi+ssl"

08	certificate-key-file="../standalone/configuration/chap8.keystore"

09	protocol="TLSv1"

10	verify-client="false"/>

11	</connector>

12	<virtual-server name="default-host" enable-welcome-root="true">

13	<alias name="localhost"/>

14	<alias name="example.com"/>

15	</virtual-server>

16	</subsystem>

NOTE: We added the redirect-port=”8443″ inside the http connector as well as we added the “https” connector settings with the ssl informations.

Step4). Now restart the JBoss AS7 server from inside “/home/userone/jboss-as-7.1.0.Beta1//bin” directory as following:

1	[userone@localhost bin]$./standalone.sh -c standalone-full.xml

Writing Test WebApplication

Step5). For simple testing we will write a web application. So create a directory somewhere in your file system with name “/home/userone/SelfSigned_SSL_Demo” and then create another directory “src” inside “/home/userone/SelfSigned_SSL_Demo”.

Step6). place the following kind of simple “index.jsp” file inside “/home/userone/SelfSigned_SSL_Demo/src” directory:

01

<html>

02

<head>

03	<title>SSL Demo</title>

04

</head>

05	<body bgcolor=maroon text=white>

06	<BR><BR><BR><BR><BR><BR>

07

<center>

08	<b>index.jsp executed successfully over HTTPS.</b>

09

</center>

10

</body>

11

</html>

Step7). Now we will write a “web.xml” file inside the “/home/userone/SelfSigned_SSL_Demo/src” directory, and in this file we will define the user-data-constraint as CONFIDENTIAL sothat clients request matching the url-pattern defined will be automatically be redirected to the redirect-port defined inside the “standalone-full.xml” file.

01	<?xml version="1.0" encoding="UTF-8"?>

02	<web-app version="2.5"

03	xmlns="http://java.sun.com/xml/ns/javaee"

04	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

05	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

06	<security-constraint>

07	<web-resource-collection>

08	<web-resource-name>HTTPs Test</web-resource-name>

09	<url-pattern>/*</url-pattern>

10	</web-resource-collection>

11	<user-data-constraint>

12	<transport-guarantee>CONFIDENTIAL</transport-guarantee>

13	</user-data-constraint>

14	</security-constraint>

15	</web-app>

Step8). To simply build and deploy the above web application we will write the following kind of “build.xml” file inside “/home/userone/SelfSigned_SSL_Demo” directory.

01	<project name="JBoss_Service" default="post-deploy">

02	<property name="jboss.home" value="/home/userone/jboss-as-7.1.0.Beta1" />

03	<property name="jboss.module.dir" value="${jboss.home}/modules" />

04	<property name="java.home.dir" value="/home/userone/MyJdks/jdk1.6.0_05" />

05	<property name="basedir" value="." />

06	<property name="war.exploaded.name" value="SelfSigned_HttpsTest" />

07	<property name="src.dir" value="src" />

08	<property name="output.dir" value="build" />

09

10	<path id="jboss.classpath">

11	<fileset dir="${jboss.module.dir}">

12	<include name="**/*.jar"/>

13	</fileset>

14

</path>

15

16	<target name="init">

17	<delete dir="${output.dir}" />

18	<mkdir dir="${output.dir}" />

19	<mkdir dir="${output.dir}/${war.exploaded.name}"/>

20	<mkdir dir="${output.dir}/${war.exploaded.name}/WEB-INF"/>

21

</target>

22

23	<target name="build" depends="init">

24	<copy todir="${output.dir}/${war.exploaded.name}/WEB-INF">

25	<fileset dir="${basedir}/src">

26	<include name="web.xml"/>

27	</fileset>

28

</copy>

29	<copy todir="${output.dir}/${war.exploaded.name}">

30	<fileset dir="${basedir}/src">

31	<include name="index.jsp"/>

32	</fileset>

33

</copy>

34	<jar jarfile="${output.dir}/${war.exploaded.name}.war" basedir="${output.dir}/${war.exploaded.name}" compress="true" />

35

</target>

36

37	<target name="deploy" depends="build">

38	<echo message="*******************  Deploying   *********************" />

39	<echo message="********** ${war.exploaded.name}.war to ${jboss.home}/standalone/deployments **********" />

40	<copy todir="${jboss.home}/standalone/deployments/">

41	<fileset dir="${output.dir}/">

42	<include name="${war.exploaded.name}.war"/>

43	</fileset>

44

</copy>

45	<echo message="*******************  Deployed Successfully   *********************" />

46

</target>

47

48	<target name="post-deploy" depends="deploy">

49	<echo message="*******************  NOTE  *********************" />

50	<echo message="***** You should be able to access your WSDL using Browser now *****" />

51	<echo message="                http://localhost:8080/${war.exploaded.name}/index.jsp" />

52	<echo message="You will notice that your URL is automactically changing to https"/>

53	<echo message="https://localhost:8443/${war.exploaded.name}/index.jsp" />

54

</target>

55	</project>

Step9). Now before running your ANT script to build and deploy the above webapplication you should have the ANT as well as JAVA set in the $PATH variable of the Shell / command prompt as following:

1	For Unix Based OS:

2	export PATH=/home/userone/jdk1.6.0_21/bin:/home/userone/org.apache.ant_1.6.5/bin:$PATH

3

4	For Windows Based OS:

5	set PATH=C:/jdk1.6.0_21/bin;C:/org.apache.ant_1.6.5/bin;%PATH%

Step10). run the ant script “ant” to build and deploy the application on JBoss AS7.

01	[userone@localhost SelfSigned_SSL_Demo]$ ant

02	Buildfile: build.xml

03

04

init:

05	[delete] Deleting directory /home/userone/SelfSigned_SSL_Demo/build

06	[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build

07	[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest

08	[mkdir] Created dir: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest/WEB-INF

09

10

build:

11	[copy] Copying 1 file to /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest/WEB-INF

12	[copy] Copying 1 file to /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest

13	[jar] Building jar: /home/userone/SelfSigned_SSL_Demo/build/SelfSigned_HttpsTest.war

14

15

deploy:

16	[echo] *******************  Deploying   *********************

17	[echo] ********** SelfSigned_HttpsTest.war to /home/userone/jboss-as-7.1.0.Beta1/standalone/deployments **********

18	[copy] Copying 1 file to /home/userone/jboss-as-7.1.0.Beta1/standalone/deployments

19	[echo] *******************  Deployed Successfully   *********************

20

21	post-deploy:

22	[echo] *******************  NOTE  *********************

23	[echo] ***** You should be able to access your WSDL using Browser now *****

24	[echo]                 http://localhost:8080/SelfSigned_HttpsTest/index.jsp

25	[echo] You will notice that your URL is automactically changing to https

26	[echo] https://localhost:8443/SelfSigned_HttpsTest/index.jsp

27

28	BUILD SUCCESSFUL

29	Total time: 0 seconds

NOTE: Access the application with URL “http://localhost:8080/SelfSigned_HttpsTest/index.jsp” and you will notice that your URL is automatically chaged to ” https://localhost:8443/SelfSigned_HttpsTest/index.jsp”

- See more at: http://middlewaremagic.com/jboss/?p=992#sthash.MEtBfNxs.dpuf

tomcat-7

reference from :http://tkurek.blogspot.in/2013/07/tomcat-7-http-to-https-redirect.html

Tomcat 7 HTTP to HTTPS redirect

 

Intro

 

The following article shows how to easily redirect HTTP to HTTP in Tomcat 7 servlet container that it always requires secure connection. It was assumed that the following TCP ports are used for that purpose:

• 8080: for HTTP
• 8443: for HTTPS

Please, follow the exact steps as described below to get it done.

 

Configuration

 

1) Update server.xml configuration file in Tomcat home directory and change the following part of its configuration:

 

<Connector port="8080" protocol="HTTP/1.1"

           connectionTimeout="20000"

           URIEncoding="UTF-8"

           redirectPort="8443" />

 

to what's shown below:

 

<Connector port="8080" enableLookups="false"

           redirectPort="8443" />

 

2) Update web.xml configuration file in Tomcat home directory and add the following content into the end before the closing </web-app> markup:

 

<security-constraint>

<web-resource-collection>

<web-resource-name>Protected Context</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<!-- auth-constraint goes here if you requre authentication -->

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

 

3) Restart Tomcat servlet container.

 

You're done! The Tomcat always requires secure connection now.