SSL redirect in Jboss7 in Linux (Cent OS)

How to redirect page in jboss7 to HTTPS.

Description: I have a Http page... Whenever I click on login page, it should be redirected to a secure page in JBoss7

Environment : Centos, Jboss7AS Final.
gunasekharyalamuriAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Within apache's Virtualhost for this site, you can define a redirect to send all requests to https://
You could limit which sub
http://www.yourdomain.com/jboss will auto redirect to https://www.yourdomain.com/jboss

If you have/control the form where the credentials are being submitted, make sure it is using an explicit action=https://.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gunasekharyalamuriAuthor Commented:
can i get an example regarding this means i can look into it.
0
arnoldCommented:
Do you have two virtualHost entries one for :80 and one for :443?

make sure you have redirect option

<VirtualHost *:80>
Servername www.yoursite.com

RedirectMatch /jboss_path/(.*) https://www.yoursite.com/jboss_path/$1

.
.
.
.
</VirtualHost>


0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

gunasekharyalamuriAuthor Commented:
Below one i am using in same your.conf but i am not able to redirect

<VirtualHost 192.168.1.2:80>
               ServerName ab.your.com

        ErrorLog /var/log/httpd/ab.your.com-error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/ab.your.com-access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]


        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
       </Location>
</VirtualHost>




NameVirtualHost 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
       ServerAlias ab.your.com

        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
        SSLCertificateKeyFile /etc/pki/tls/private/your.com.key
        SSLCertificateChainFile  /etc/pki/tls/certs/verisign.intermediate.crt

        ErrorLog /var/log/httpd/your-ssl.error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/your-ssl.access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]

        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
        </Location>
</VirtualHost>
0
arnoldCommented:
You are rewriting access to one file to apear as another.
Why are you proxying from both?

Do you need to access jboss in a non-secure method?

mod_alias and the example I provided would do what you want.

http://httpd.apache.org/docs/2.0/mod/mod_alias.html

NameVirtual host needs only be defined once and is only referencing an IP not port.

An SSL can not be name based and should use the IP:443 in the virutalhost entry.

use httpd -M to see whether mod_alias or alias_module is loaded on your server since this is the module on which RedirectMatch relies.

you could also use redirectpermanent if the only access to port 80 should auto redirect all requests to a secure connection.

http://httpd.apache.org/docs/2.0/mod/mod_alias.html



NameHosts 192.168.1.2


<VirtualHost *:80>
               ServerName ab.your.com

        ErrorLog /var/log/httpd/ab.your.com-error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/ab.your.com-access.log common env=!dontlog

        # Redirect to proper start page.
#        RewriteEngine On
#       RewriteRule ^/$ /Project2/login2.action [R=301,L]
RedirectMatch ^/.*$ https://ab.yourdomain.com/Project2/login2.action


#        ProxyRequests Off
#        ProxyPreserveHost On
#
#        <Proxy *>
#        Order deny,allow
#        Allow from all
#        </Proxy>
#
#        # ProxyPass to the jboss instance
#        ProxyPass / http://localhost:8080/
#        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
       </Location>
</VirtualHost>



<VirtualHost 192.168.1.2:443>
       ServerAlias ab.your.com

        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
        SSLCertificateKeyFile /etc/pki/tls/private/your.com.key
        SSLCertificateChainFile  /etc/pki/tls/certs/verisign.intermediate.crt

        ErrorLog /var/log/httpd/your-ssl.error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/your-ssl.access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]

        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
        </Location>
</VirtualHost>

Open in new window

0
gunasekharyalamuriAuthor Commented:
Is this example will work, why because i have tried with similar example,My question is their any other setting we need to do in JBoos& for thsi redirecting.
0
arnoldCommented:
No since JBOSS is being proxied the enforcement has to occur through apache.

Access the site and see whether any responses reference the jboss application directly i.e. http://ab.your.com:8080

Did you disable the proxying on the unsecured virtualHost entry as I have?

your inclusion of the proxy within the :80 entries may overtake the redirect.
Check the access_log for port 80
/var/log/httpd/your-ssl.access.log and see what it is reporting when you access, does it redirect or does it proxy the request?
0
gunasekharyalamuriAuthor Commented:
Thanks,Let me conform once i have checked with redirecting.
0
arnoldCommented:
Also a rewrite merely direct the server to access a different set of files rather than altering the mode of communications from unsecured (http) to secured(https)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.