How to get "HTTPS redirect" working on WebSphere Application Server Liberty Profile?

Time: 2013-07-03 12:44:31

Tags: ssl https websphere websphere-8 websphere-liberty

I want to get HTTP redirect working on WebSphere Application Server Liberty Profile (WLP). For example:

When the user types http://localhost:8080/helloworld, the browser should automatically go (be redirected) to https://localhost:9443/helloworld

To achieve this, I followed this document, section 6.2, page no. 136.

Below are the sample server.xml and web.xml:

server.xml

<server description="new server">

<!-- Enable features -->
<featureManager>
    <feature>jsp-2.2</feature>
    <feature>wab-1.0</feature>
    <feature>jaxrs-1.1</feature>
    <feature>blueprint-1.0</feature>
    <feature>localConnector-1.0</feature>
    <feature>ssl-1.0</feature>
    <feature>appSecurity-2.0</feature>
</featureManager>

<httpEndpoint host="localhost" httpPort="8081" httpsPort="9442" id="defaultHttpEndpoint">
</httpEndpoint>

<applicationMonitor updateTrigger="mbean"/>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLCgwLTtu"/>

<application id="Hello.app" location="Hello.app.eba" name="Hello.app" type="eba"/>

</server>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <display-name>Hello</display-name>

    <security-constraint>
        <display-name>HTTPS Redirect Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Sample Web Service service</web-resource-name>
            <url-pattern>/Hello</url-pattern>
            <http-method>GET</http-method>

        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
</web-app>

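The <servlet> and <servlet-mapping> tags have been removed for brevity.

Following are the versions I am using: Java 7, WLP 8.5.5, Eclipse Juno, Google Chrome.

Any help or guidance on why the HTTPS redirect is not working would be much appreciated.

3 answers:

Answer 0: (score: 3)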

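I suspect the problem is in your security constraint. Looking at it, I would suggest that you change your url-pattern to:

/helloworld

instead of:

/Hello

If you want to match multiple resources, you can use wildcards, for example:

  1. /* - matches everything
  2. /helloworld/* - matches everything with helloworld/ in the URL path
  3. *.jsp - matches all files with the jsp extension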
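
Added example (not part of the original answer or of the WLP documentation): a Python check that applies the servlet url-pattern rules listed above to a constructed, trimmed copy of the question's web.xml and reports whether a given request is forced onto HTTPS. It assumes application-relative paths and ignores `<http-method-omission>` and `INTEGRAL`; `requires_tls`, `QUESTION_WEB_XML` and `FIXED_WEB_XML` are illustrative names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's constraint, trimmed to the relevant elements.
QUESTION_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Hello</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
# Constructed variant: wildcard pattern, no method restriction.
FIXED_WEB_XML = (QUESTION_WEB_XML.replace("/Hello<", "/*<")
                 .replace("<http-method>GET</http-method>", ""))

def _find(elem, name):
    # Namespace-agnostic descendant lookup by local tag name.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _rank(pattern, path):
    # Servlet url-pattern precedence: exact > longest prefix > extension > default.
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def requires_tls(web_xml, path, method="GET"):
    """True if a CONFIDENTIAL constraint applies to this path and method."""
    matches = []  # (rank, methods, confidential) for every matching url-pattern
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        conf = any(g.text.strip() == "CONFIDENTIAL" for g in _find(sc, "transport-guarantee"))
        for wrc in _find(sc, "web-resource-collection"):
            methods = {m.text.strip() for m in _find(wrc, "http-method")}
            for up in _find(wrc, "url-pattern"):
                rank = _rank(up.text.strip(), path)
                if rank is not None:
                    matches.append((rank, methods, conf))
    best = max((m[0] for m in matches), default=None)
    # Only constraints on the best-matching pattern that cover this method apply;
    # no <http-method> elements means the constraint covers all methods.
    applied = [c for r, ms, c in matches if r == best and (not ms or method in ms)]
    # Accepted connection types are unioned: one non-CONFIDENTIAL constraint allows HTTP.
    return bool(applied) and all(applied)
```

With the question's constraint, `/helloworld` is not covered at all and `/Hello` is covered for GET only; the variant with `/*` and no `<http-method>` covers every path and method.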

Answer 1: (score: 3)

To make HTTPS redirect work on WLP, the following points should be taken care of:

  1. Add users, roles and passwords in WLP's server.xml.
  2. Bind the application to a security role.
  3. Add the appSecurity-2.0 feature in WLP's server.xml.
  4. Add the following to web.xml
    1. <login-config>
    2. <security-constraint>
    3. <security-constraint><web-resource-name></security-constraint>
    4. <security-constraint><auth-constraint></security-constraint>
    5. <security-constraint><user-data-constraint></security-constraint>

Following are the detailed steps:

    1. Add users, roles and passwords in WLP's server.xml.

    <basicRegistry id="MyRegistry">
        <user password="{xor}Mjo6MT4z" name="anuroop" />
        <group name="MyGroup">
            <member name="anuroop" />
        </group>
    </basicRegistry>
    

    2. Bind the application to a security role.

    <application id="Hello.app" location="Hello.app.eba" name="Hello.app" type="eba">
        <application-bnd>
            <security-role name="Manager">
                <group name="MyGroup" />
            </security-role>
        </application-bnd>
    </application>
    

    3. Add the appSecurity-2.0 feature in WLP's server.xml.

    <featureManager>
        <feature>appSecurity-2.0</feature>
    </featureManager>
    

    4.1, 4.2, 4.3, 4.4, 4.5

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>BasicRegistry</realm-name>
        <form-login-config>
            <form-login-page>/Login.jsp</form-login-page>
            <form-error-page>/LoginError.jsp</form-error-page>
        </form-login-config>
    </login-config>
    
    <security-constraint>
        <display-name>HTTPS Redirect Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Sample Web Service service</web-resource-name>
            <url-pattern>/Hello</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>Manager</role-name>
        </auth-constraint>

        <user-data-constraint>
            <description>Ensure to allow only confidential communication</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    

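Answer 2: (score: 0)

I solved this a different way, but I think the accepted answer is probably better. You can write a servlet filter and then modify web.xml to associate it with a path.

web.xml code: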

<web-app id="WebApp">
    <filter>
        <filter-name>HTTPSFilter</filter-name>
        <filter-class>HTTPSFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>HTTPSFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ...
</web-app>

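Filter code:

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HTTPSFilter implements Filter {
    public void doFilter(ServletRequest req,
                         ServletResponse res,
                         FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Redirect to HTTPS if insecure HTTP was used
        if (!req.getScheme().startsWith("https")) {
            // Build the SSL version of the requested URL (the HTTPS port is hard-coded)
            String host = request.getLocalName();

            String URI = request.getRequestURI();
            if (URI == null) { URI = ""; }

            String queryString = request.getQueryString();
            if (queryString == null) { queryString = ""; }

            response.sendRedirect("https://" + host + ":9443" + URI + ("".equalsIgnoreCase(queryString) ? "" : "?") + queryString);
            // The redirect commits the response, so stop here instead of
            // passing the plain-HTTP request further down the chain.
            return;
        }

        chain.doFilter(req, res);
    }

    public void init(FilterConfig config) throws ServletException {
    }

    public void destroy() {
    }
}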