Topic
1 reply Latest Post - ‏2013-07-22T18:23:51Z by bergmark
claudef
claudef
7 Posts
ACCEPTED ANSWER

Pinned topic HTTPS Redirect based on Web Content Folder Structure

‏2013-07-20T23:34:54Z |

My Liberty appliction works with an entry panel that is normal HTTP mode pointing to folder /public and should redirect the LOGIN screen into a secure HTTPS mode from folder /public/secure, which runs the aplication screens in a secure mode. User authentication works through LDAP. Once the autentication is done there should be an ongoing access protection for folder /public/secure, following a similar structure as the previous Smash server technology. Is there an example available that illustrates the HTTPS redirect process in the setup files server.xml and web.xml?

For now I've disabled the HTTP access in the server.xml, forcing the HTTPS mode.

 <httpEndpoint host="*" httpPort="-1" httpsPort="9443" id="defaultHttpEndpoint" tcpOptionsRef="${server.config.dir}"/>           
 <keyStore id="defaultKeyStore" password="{xor}xxxxxxxxxxxxxxxxxx" />  

Is there a better setup available that leaves /public open for access and protects /public/secure?

Thanks in advance for your thoughts and feedback. 

Claude

  • bergmark
    bergmark
    42 Posts
    ACCEPTED ANSWER

    Re: HTTPS Redirect based on Web Content Folder Structure

    ‏2013-07-22T18:23:51Z  in response to claudef

    One option might be to define a security-constraint in your web.xml for /public/secure with a CONFIDENTIALtransport-guarantee.