Jboss 中的 HTTPS 配置

发布于 2024-09-15 04:14:54 字数 1030 浏览 3 评论 0原文

我正在使用 JBoss 4.2。我希望通过 HTTPS 访问特定的 URL 模式。我使用了自认证的密钥库文件，问题是：一旦访问了 HTTPS url，网站中的所有其他网址都通过 HTTPS，有什么问题吗？

更新：我发现了问题。我使用相对路径来引用资源，所以一旦url更改为HTTPS，所有后续链接都以HTTPS开头，那么我是否必须在HTTPS网页中使用绝对路径？

我的配置是这样的：在 web.xml 中：

<security-constraint>
    <web-resource-collection>
        <web-resource-name>artists.jsp</web-resource-name>
        <url-pattern>/artists.*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

在 server.xml 中：

<Connector port="8443" 
   scheme="https"     
   secure="true"    
   clientAuth="false"  
   keystoreFile="${jboss.server.home.dir}/conf/server.keystore"  
   keystorePass="changeit"  
   sslProtocol = "TLS" />

原文

I am using JBoss 4.2. And I'd like a certain URL pattern to be visited through HTTPS.
I used self-certificated keystore file,and the problem is: once the HTTPS url is visited,
all others urls in the site are all go through HTTPS, what's the problem?

updated: I found out the problem. I used relative path to references to the resources, so once the url change to HTTPS, all the subsequent links are all started with HTTPS, so do I have to use absolute path in HTTPS web pages?

My configuration is like this:
in web.xml :

<security-constraint>
    <web-resource-collection>
        <web-resource-name>artists.jsp</web-resource-name>
        <url-pattern>/artists.*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

in server.xml :

<Connector port="8443" 
   scheme="https"     
   secure="true"    
   clientAuth="false"  
   keystoreFile="${jboss.server.home.dir}/conf/server.keystore"  
   keystorePass="changeit"  
   sslProtocol = "TLS" />

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

·深蓝 2024-09-22 04:14:54

不幸的是，是的，由于 URL 以协议（http、https）开头，因此您需要绝对路径在它们之间进行切换。

我的建议是：编写一个静态方法，将您的 URL 格式化为完全合格的，并引入一些命名约定，例如所有以 ig _sec 开头的页面都应与 https 一起使用。

伪代码（未经测试只是为了说明基本思想）：

public static String fmtURL(String relpath) {
    String url = relparth.startsWith( "_sec" ) ? "https://":"http://";
    url += hostname;                        // from a configfile
    if ( relparth.startsWith( "_sec" ) {
        url += ":443";
    }
    url += relpath;
    return url;
}

Unfortunatly yes, since an URL start with the protocol (http,https) you need absolute paths to switch between them.

My recommendation is: write a static method which formats your URLs fuly quallified and introduce some nameing convention like all pages starting with i.g. _sec are meant to be used with https.

Pseudocode (not tested just to illustrate the basic idea):

public static String fmtURL(String relpath) {
    String url = relparth.startsWith( "_sec" ) ? "https://":"http://";
    url += hostname;                        // from a configfile
    if ( relparth.startsWith( "_sec" ) {
        url += ":443";
    }
    url += relpath;
    return url;
}

回复收藏 0 原文

~没有更多了~