geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: jetty transport-guarantee behavior?
Date Mon, 30 Jan 2006 23:35:52 GMT

On Jan 30, 2006, at 2:11 PM, toby cabot wrote:

> Hi Folks,
>
> I've got an application that I'm running over HTTPS and I'd like to
> make it so that users can't connect to it over plain old HTTP.  I
> think that the web.xml user-data-constraint/transport-guarantee
> element is what I'm after but I have a question about its behavior.
> When I set it to CONFIDENTIAL and make a request over HTTPS then all's
> well, and when I make the same request over HTTPS I get a 403.  I
> suppose that this is OK, if somewhat user-hostile, but I can probably
> work around it using a listener or some such.  I was poking around in
> JettyConnector.java, however, and it looks like it's trying to
> configure a few parameters to make Jetty automatically redirect HTTP
> requests over to HTTPS, but I'm not getting that behavior.

I have experienced this too and didn't find a solution.  It looked to  
me as if it should work, but it didn't.  On the other hand I couldn't  
convince myself that the spec required a redirect.  Maybe a greg or  
another jetty expert can explain how it is supposed to work?

thanks
david jencks

>
> So my question is: how do I enable the auto-redirect behavior?  Is
> there a flag in a plan file that I need to set?
>
> Thanks,
> Toby


Mime
View raw message