glassfish
  1. glassfish
  2. GLASSFISH-10281

automagic redirect if the admin listener is secured

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: 3.1_b36
    • Component/s: admin
    • Labels:
      None
    • Environment:

      Operating System: Mac OS X
      Platform: Macintosh

    • Issuezilla Id:
      10,281

      Activity

      Hide
      vince kraemer added a comment -

      while it could be considered a regression... I guess I will think of it as an enhancement.

      Show
      vince kraemer added a comment - while it could be considered a regression... I guess I will think of it as an enhancement.
      Hide
      Anissa Lam added a comment -

      This enhancement is beyond GUI
      Lets start with web container.

      Show
      Anissa Lam added a comment - This enhancement is beyond GUI Lets start with web container.
      Hide
      jluehe added a comment -

      ...

      Show
      jluehe added a comment - ...
      Hide
      oleksiys added a comment -

      I think I've replied on the thread.
      Do we need anything additional from Grizzly side?

      Show
      oleksiys added a comment - I think I've replied on the thread. Do we need anything additional from Grizzly side?
      Hide
      vince kraemer added a comment -

      this is what oleksiys 'put in the thread'

      it is probably easier to find it here for folks working on this issue...

      actually we have this feature (port-unification) supported, but we don't have corresponding CLI
      commands for it, so it's not public.
      Here how you can configure admin protocol to support automatic http->https redirection.

      <protocol name="admin-listener">
      <port-unification>
      <protocol-finder protocol="admin-listener-http"
      classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-finder" />
      <protocol-finder protocol="http-redirect"
      classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-redirect" />
      </port-unification>
      </protocol>

      <protocol security-enabled="true" name="admin-listener-http">
      <http max-connections="250" default-virtual-server="__asadmin" server-name="">
      <file-cache enabled="false" />
      </http>
      <ssl ssl3-enabled="false" cert-nickname="s1as" />
      </protocol>

      <protocol name="http-redirect">
      <protocol-chain-instance-handler>
      <protocol-chain>
      <protocol-filter classname="com.sun.grizzly.config.HttpRedirectFilter" name="redirect-filter"
      />
      </protocol-chain>
      </protocol-chain-instance-handler>
      </protocol>
      .....

      Show
      vince kraemer added a comment - this is what oleksiys 'put in the thread' it is probably easier to find it here for folks working on this issue... actually we have this feature (port-unification) supported, but we don't have corresponding CLI commands for it, so it's not public. Here how you can configure admin protocol to support automatic http->https redirection. <protocol name="admin-listener"> <port-unification> <protocol-finder protocol="admin-listener-http" classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-finder" /> <protocol-finder protocol="http-redirect" classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-redirect" /> </port-unification> </protocol> <protocol security-enabled="true" name="admin-listener-http"> <http max-connections="250" default-virtual-server="__asadmin" server-name=""> <file-cache enabled="false" /> </http> <ssl ssl3-enabled="false" cert-nickname="s1as" /> </protocol> <protocol name="http-redirect"> <protocol-chain-instance-handler> <protocol-chain> <protocol-filter classname="com.sun.grizzly.config.HttpRedirectFilter" name="redirect-filter" /> </protocol-chain> </protocol-chain-instance-handler> </protocol> .....
      Hide
      oleksiys added a comment -

      I think Tim is implementing this on the admin side.

      Show
      oleksiys added a comment - I think Tim is implementing this on the admin side.
      Hide
      Tim Quinn added a comment -

      I am almost positive that the request mentioned in the linked forum post has been satisfied by secure admin in 3.1, so I am closing this issue.

      The link is to a post in the old forum. I have searched for a corresponding post in the new forum without success, just to be sure, so I have separately asked Vince to help me find the post in the new forum or to restate the request so we can be sure we've met it. If we have not met the request we can re-open this issue.

      Show
      Tim Quinn added a comment - I am almost positive that the request mentioned in the linked forum post has been satisfied by secure admin in 3.1, so I am closing this issue. The link is to a post in the old forum. I have searched for a corresponding post in the new forum without success, just to be sure, so I have separately asked Vince to help me find the post in the new forum or to restate the request so we can be sure we've met it. If we have not met the request we can re-open this issue.
      Hide
      Tim Quinn added a comment -

      Thanks to Vince for this link to the forum post:

      http://java.net/projects/glassfish/lists/users/archive/2009-10/message/373

      This is indeed handled now by secure admin in 3.1.

      Show
      Tim Quinn added a comment - Thanks to Vince for this link to the forum post: http://java.net/projects/glassfish/lists/users/archive/2009-10/message/373 This is indeed handled now by secure admin in 3.1.

        People

        • Assignee:
          Tim Quinn
          Reporter:
          vince kraemer
        • Votes:
          0 Vote for this issue
          Watchers:
          1 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved: