
HTTPS on WildFly - Redirecting from HTTP


I have my application running on WildFly 8.2, and it is supposed to be fully on HTTPS.

To do this, on web.xml, I have

<security-constraint>
    <web-resource-collection>
        <web-resource-name>App</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

And then, on standalone.xml I have,

        <server name="default-server">
            <http-listener name="http-default" socket-binding="http"/>
            <https-listener name="https-default" socket-binding="https" security-realm="SSLRealm"/>
            <host name="http-default" alias="localhost" default-web-module="sp.war">
                <filter-ref name="server-header"/>
                <filter-ref name="x-powered-by-header"/>
            </host>
            <host name="https-default" alias="sponline.tdata.com" default-web-module="sp.war">
            </host>             
        </server>

and

        <security-realm name="SSLRealm">
            <server-identities>
                <ssl>
                    <keystore path="sponline_keystore.jks" relative-to="jboss.server.config.dir" keystore-password="sponline2015" alias="sponline" key-password="GxXxXXxX"/>
                </ssl>
            </server-identities>
        </security-realm>

Now, the server is bound to 2 domain names - HQDATADEV.TDATA.COM and SPONLINE.TDATA.COM. This setup is mandated by our internal policy.

Now, the problem is that the application is configured to have SSL on SPONLINE.TDATA.COM ONLY. But when I launch http://SPONLINE.TDATA.COM it automatically redirects me to .

Can someone explain this behavior to me? And possibly suggest a fix for it?


Solution

  • If I understand it correctly, then your application should only run for SPONLINE.TDATA.COM (because of the SSL requirements).

    I would do the following. Specify in the application's WEB-INF/jboss-web.xml that it's valid only for the sponline virtual host:

    <jboss-web>
       <context-root>/</context-root>
       <virtual-host>sponline</virtual-host>
    </jboss-web>
    

    Then you can leave the default host configuration in the standalone.xml and add a new one - "sponline".

    <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <https-listener name="https" socket-binding="https" security-realm="SSLRealm"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
        <host name="sponline" alias="sponline.tdata.com"/>
    </server>
    

    The security realm "SSLRealm" can stay as it is.
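
A way to check the layout in the answer above before deploying, as an added example that is not part of the original post or of WildFly: it models which `<host>` answers for a given Host header and whether the deployment bound through `<virtual-host>` is reachable under that name. The function names `resolve_host` and `serves_app` are hypothetical, and the matching rules (host name or alias, compared case-insensitively, with unmatched names going to the server's `default-host`) are a simplified assumption about Undertow's behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <server> and <jboss-web> fragments from the answer above,
# without the subsystem namespace they carry in a real standalone.xml.
SERVER_XML = """
<server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="https" socket-binding="https" security-realm="SSLRealm"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
    </host>
    <host name="sponline" alias="sponline.tdata.com"/>
</server>
"""
JBOSS_WEB_XML = """
<jboss-web>
   <context-root>/</context-root>
   <virtual-host>sponline</virtual-host>
</jboss-web>
"""

def resolve_host(server_xml, host_header):
    """Return the name of the <host> that would handle this Host header."""
    server = ET.fromstring(server_xml)
    # Drop the port and lower-case (assumption: names match case-insensitively;
    # IPv6 literals are not handled in this model).
    wanted = host_header.split(":")[0].strip().lower()
    for host in server.findall("host"):
        names = {host.get("name", "").lower()}
        names |= {a.strip().lower() for a in host.get("alias", "").split(",") if a.strip()}
        if wanted in names:
            return host.get("name")
    # Assumption: anything unmatched is served by the server's default host.
    return server.get("default-host", "default-host")

def serves_app(server_xml, jboss_web_xml, host_header):
    """True if the deployment bound by <virtual-host> answers for this Host header."""
    bound = ET.fromstring(jboss_web_xml).findtext("virtual-host")
    if bound is None:  # no binding: the deployment lands on the default host
        bound = ET.fromstring(server_xml).get("default-host", "default-host")
    return resolve_host(server_xml, host_header) == bound.strip()

if __name__ == "__main__":
    for h in ("sponline.tdata.com", "SPONLINE.TDATA.COM:8080", "hqdatadev.tdata.com"):
        print(f"{h:26} host={resolve_host(SERVER_XML, h):13} "
              f"app={serves_app(SERVER_XML, JBOSS_WEB_XML, h)}")
```

With the answer's configuration, requests for hqdatadev.tdata.com resolve to `default-host` and get the welcome content, so the application and its CONFIDENTIAL redirect apply only to sponline.tdata.com.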