Login/Register
Jetty: Redirect HTTP to HTTPS for static content
Asked Answered
javaxmljettyjetty-9
G

1

14

I have set up Jetty 9.3 with two XML context configurations. One for static content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.server.handler.ContextHandler">
  <Set name="contextPath">/static</Set>
  <Set name="handler">
    <New class="org.eclipse.jetty.server.handler.ResourceHandler">
      <Set name="resourceBase">/home/user/static</Set>
      <Set name="directoriesListed">true</Set>
    </New>
  </Set>
</Configure>

and one for a web application (WAR file):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/webapp</Set>
  <Set name="war">/home/user/webapp.war</Set>
</Configure>

I then used this answer to set up Jetty to forward HTTP requests to HTTPS. More specifically, I added the following to jetty/etc/webdefault.xml:

<security-constraint>
  <web-resource-collection>
   <web-resource-name>Everything</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

and added the following to my HttpConfiguration in jetty/etc/jetty.xml:

<Call name="addCustomizer">
  <Arg>
    <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
  </Arg>
</Call>

This works perfectly for my web application (i.e. accessing the server through HTTP at '/webapp' will redirect to HTTPS), but doesn't seem to affect the static content served under '/static'. I assume this is because the setting added to webdefault.xml only applies to web applications since they have an applicable web.xml file.

How can I set up HTTP requests to redirect to HTTPS for all my pages served as static content?

Ganef answered 28/6, 2016 at 10:40 Comment(4)
What about RewriteHandler ? Maybe it will help you to solve your problem. Just serve static content by this handler.Resentful
You can use nginx for this, along with the http to https redirect you will get other advantages like static page cache.Heartbreaking
Have you tried to use the default servlet + ServletContextHandler for your static content instead of ResourceHandler (which is very limited)? Maybe it would help. @srini In my humble opinion, using another HTTPD server (Apache, Nginx, ...) just for the redirections is a bit too much especially when your server has very limited resources. I use a small board with only one GB of RAM, I wouldn't follow your suggestion.Orang
Related browser-side solution: HSTS. It will tell browsers to always access resources on your domain through HTTPS.Valle
D
1

As far as I could tell (e.g., based on this SO and this SF and the Jetty Docs) it's not configurable for static content, only for webapps.

What you could do (that does not mean that you should do it this way) is that you create a custom @PreMatching filter if you are using JAX-RS or a custom MessageHandler if you are using JAX-WS which does the redirection programatically (e.g., through returning an HTTP 301).

Deemster answered 5/1, 2017 at 8:28 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.