can someone help migrating the code from jetty 8 to 9.2.1.
I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).
this is the code for jetty 8, but it doesn’t work on 9.2.1. Version 9 uses ServerConnector but I cant find examples on how to use the setConfidentialPort property.
Server server = new Server();
//Create a connector on port 80 to listen for HTTP requests
SelectChannelConnector httpConnector = new SelectChannelConnector();
httpConnector.setPort(80);
server.addConnector(httpConnector);
//Create a connector on port 443 to listen for HTTPS requests
SslSocketConnector httpsConnector = new SslSocketConnector();
httpsConnector.setPort(443);
httpsConnector.setKeystore("name_of_the_keystore");
httpsConnector.setPassword("password_for_the_keystore");
httpsConnector.setKeyPassword("password_for_the_key");
server.addConnector(httpsConnector);
//Redirect the HTTP requests to HTTPS port
httpConnector.setConfidentialPort(443);
Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:
Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:
Server server = new Server();
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.addCustomizer(new SecureRequestCustomizer());
//these two settings allow !403 errors to be redirected to https
http_config.setSecureScheme("https");
http_config.setSecurePort(443);
//setup the secure config using the original http config + SecureRequestCustomizer
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Context Factory - tells how to access certificate info
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("keystorepassword");
sslContextFactory.setKeyManagerPassword("keymanagerpassword");
//Create a connector on port 80 to listen for HTTP requests (that will get redirected)
ServerConnector httpConnector = new ServerConnector(server);
httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
httpConnector.setPort(80);
//Connector on port 443 for HTTPS requests
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
new HttpConnectionFactory(https_config));
sslConnector.setPort(443);
//setup the constraint that causes all http requests to return a !403 error
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
//makes the constraint apply to all uri paths
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );
security.addConstraintMapping(mapping);
//in my case I also define a ServletContextHandler for managing SpringMVC beans
//that I daisy-chain into the security handler like so:
//security.setHandler(servletContextHandler);
server.setHandler(security);
server.setConnectors(new Connector[] { httpConnector, sslConnector });
server.start();
server.join();
In jetty 9.3 use SecuredRedirectHandler:
public class Server extends org.eclipse.jetty.server.Server {
public Server(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword, ...) {
initConnector(httpPort, enableSsl, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
...
}
private void initConnector(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
if (enableSsl) {
final HttpConfiguration httpConfig = getHttpConfig(httpsPort);
final HttpConfiguration httpsConfig = getHttpsConfig(httpConfig);
final ServerConnector httpConnector = getHttpConnector(httpConfig, httpPort);
final ServerConnector httpsConnector = getHttpsConnector(httpsConfig, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
setConnectors(httpConnector, httpsConnector);
addHandler(new SecuredRedirectHandler());
} else {
final ServerConnector serverConnector = new ServerConnector(this);
serverConnector.setPort(httpPort);
addConnector(serverConnector);
}
}
private void setConnectors(ServerConnector httpConnector, ServerConnector httpsConnector) {
setConnectors(new Connector[]{httpConnector, httpsConnector});
}
private ServerConnector getHttpsConnector(HttpConfiguration httpsConfig, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
final SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keystorePath);
sslContextFactory.setKeyStorePassword(keystorePassword);
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
sslContextFactory.setTrustStorePath(keystorePath);
sslContextFactory.setTrustStorePassword(keystorePassword);
final ServerConnector httpsConnector = new ServerConnector(this,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
httpsConnector.setPort(httpsPort);
return httpsConnector;
}
private ServerConnector getHttpConnector(HttpConfiguration httpConfig, int httpPort) {
final ServerConnector httpConnector = new ServerConnector(this);
httpConnector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
httpConnector.setPort(httpPort);
return httpConnector;
}
private HttpConfiguration getHttpsConfig(HttpConfiguration httpConfig) {
final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
return httpsConfig;
}
private HttpConfiguration getHttpConfig(int httpsPort) {
final HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.addCustomizer(new SecureRequestCustomizer());
httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
httpConfig.setSecurePort(httpsPort);
return httpConfig;
}
private void addHandler(Handler handler) {
final Handler currentHandler = getHandler();
if (currentHandler == null) {
setHandler(handler);
} else {
if (currentHandler instanceof HandlerList) {
((HandlerList) currentHandler).addHandler(handler);
} else {
final HandlerList handlerList = new HandlerList();
handlerList.addHandler(currentHandler);
handlerList.addHandler(handler);
setHandler(handlerList);
}
}
}
}