Jetty 9.2.1 redirect http to https

Question

can someone help migrating the code from jetty 8 to 9.2.1.

I need to have jetty listening on port 80 (http) and redirect every request to 443 (https).

this is the code for jetty 8, but it doesn’t work on 9.2.1. Version 9 uses ServerConnector but I cant find examples on how to use the setConfidentialPort property.

Server server = new Server();

//Create a connector on port 80 to listen for HTTP requests
SelectChannelConnector httpConnector = new SelectChannelConnector();
httpConnector.setPort(80);
server.addConnector(httpConnector);

//Create a connector on port 443 to listen for HTTPS requests
SslSocketConnector httpsConnector = new SslSocketConnector();
httpsConnector.setPort(443);
httpsConnector.setKeystore("name_of_the_keystore");
httpsConnector.setPassword("password_for_the_keystore");
httpsConnector.setKeyPassword("password_for_the_key");
server.addConnector(httpsConnector);

//Redirect the HTTP requests to HTTPS port
httpConnector.setConfidentialPort(443);

Answer 1

Had trouble with this myself. I figured it out by converting an example using web.xml found at https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https into the following:

Basically you have to add a security constraint that forces all data from all paths to be confidential or else throw a !403 error. Then you configure your http connector to redirect all !403 errors to https:

Server server = new Server();

// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.addCustomizer(new SecureRequestCustomizer());

//these two settings allow !403 errors to be redirected to https
http_config.setSecureScheme("https");
http_config.setSecurePort(443);

//setup the secure config using the original http config + SecureRequestCustomizer
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());

// SSL Context Factory - tells how to access certificate info
SslContextFactory sslContextFactory = new SslContextFactory();
 sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("keystorepassword");
sslContextFactory.setKeyManagerPassword("keymanagerpassword");

//Create a connector on port 80 to listen for HTTP requests (that will get redirected)
ServerConnector httpConnector = new ServerConnector(server);
httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
httpConnector.setPort(80);

//Connector on port 443 for HTTPS requests
ServerConnector sslConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
        new HttpConnectionFactory(https_config));
sslConnector.setPort(443);

//setup the constraint that causes all http requests to return a !403 error
ConstraintSecurityHandler security = new ConstraintSecurityHandler();        

Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);

//makes the constraint apply to all uri paths        
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );

security.addConstraintMapping(mapping);

//in my case I also define a ServletContextHandler for managing SpringMVC beans
//that I daisy-chain into the security handler like so:
//security.setHandler(servletContextHandler);

server.setHandler(security);
server.setConnectors(new Connector[] { httpConnector, sslConnector });

server.start();
server.join();

Answer 2

In jetty 9.3 use SecuredRedirectHandler:

public class Server extends org.eclipse.jetty.server.Server {

    public Server(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword, ...) {
        initConnector(httpPort, enableSsl, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
        ...
    }

    private void initConnector(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
        if (enableSsl) {
            final HttpConfiguration httpConfig = getHttpConfig(httpsPort);
            final HttpConfiguration httpsConfig = getHttpsConfig(httpConfig);
            final ServerConnector httpConnector = getHttpConnector(httpConfig, httpPort);
            final ServerConnector httpsConnector = getHttpsConnector(httpsConfig, httpsPort, keystorePath, keystorePassword, keyManagerPassword);

            setConnectors(httpConnector, httpsConnector);
            addHandler(new SecuredRedirectHandler());
        } else {
            final ServerConnector serverConnector = new ServerConnector(this);

            serverConnector.setPort(httpPort);

            addConnector(serverConnector);
        }
    }

    private void setConnectors(ServerConnector httpConnector, ServerConnector httpsConnector) {
        setConnectors(new Connector[]{httpConnector, httpsConnector});
    }

    private ServerConnector getHttpsConnector(HttpConfiguration httpsConfig, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
        final SslContextFactory sslContextFactory = new SslContextFactory();

        sslContextFactory.setKeyStorePath(keystorePath);
        sslContextFactory.setKeyStorePassword(keystorePassword);
        sslContextFactory.setKeyManagerPassword(keyManagerPassword);
        sslContextFactory.setTrustStorePath(keystorePath);
        sslContextFactory.setTrustStorePassword(keystorePassword);

        final ServerConnector httpsConnector = new ServerConnector(this,
                new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfig));

        httpsConnector.setPort(httpsPort);

        return httpsConnector;
    }

    private ServerConnector getHttpConnector(HttpConfiguration httpConfig, int httpPort) {
        final ServerConnector httpConnector = new ServerConnector(this);

        httpConnector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
        httpConnector.setPort(httpPort);

        return httpConnector;
    }

    private HttpConfiguration getHttpsConfig(HttpConfiguration httpConfig) {
        final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);

        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        return httpsConfig;
    }

    private HttpConfiguration getHttpConfig(int httpsPort) {
        final HttpConfiguration httpConfig = new HttpConfiguration();

        httpConfig.addCustomizer(new SecureRequestCustomizer());
        httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
        httpConfig.setSecurePort(httpsPort);

        return httpConfig;
    }

    private void addHandler(Handler handler) {
        final Handler currentHandler = getHandler();
        if (currentHandler == null) {
            setHandler(handler);
        } else {
            if (currentHandler instanceof HandlerList) {
                ((HandlerList) currentHandler).addHandler(handler);
            } else {
                final HandlerList handlerList = new HandlerList();

                handlerList.addHandler(currentHandler);
                handlerList.addHandler(handler);

                setHandler(handlerList);
            }
        }
    }
}