
NOTE: I put a bounty on this question. I was not able to put a bounty yet on a similar BUT SIMPLER question, here. It is fine if you can help with this simpler question, and then we can put the answer on this one too. In the simpler question you can create the scenario yourself quite quickly. And I also downloaded Jetty 9.1.0 -- so I don't care if it works with 9.05 or 9.10, either version is fine.

I installed Spring Security Core to get the "channel security" feature, namely to indicate which controller actions require an ssl connection.

This works fine in development mode using a Jetty server -- e.g. /cert/page1 defined at bottom, it asks to approve an https connection as expected.

When I deploy the (production) WAR file to Jetty 9 server (hosted externally), I get a redirect loop indication when I go to the same controller/action (using Chrome), or then on Firefox it also indicates "page isn't redirecting properly". I cleared cookies in Chrome just in case, and same problem.

I created an SSL certificate for the Jetty 9 server following directions (using external cert agency) and to install it I looked at various ssl articles on Jetty, and then found it appears simplest to alter the start.ini file, which I did, uncommenting the following lines and pointing to my sslcert/keystore:

 #===========================================================
 # SSL Context
 # Create the keystore and trust store for use by
 # HTTPS and SPDY
 #-----------------------------------------------------------
 jetty.keystore=sslcert/keystore
 jetty.keystore.password=xxxxx
 jetty.keymanager.password=xxxxx
 jetty.truststore=sslcert/keystore
 jetty.truststore.password=xxxxx
 jetty.secure.port=8443
 etc/jetty-ssl.xml


 #===========================================================
 # HTTPS Connector
 # Must be used with jetty-ssl.xml
 #-----------------------------------------------------------
 jetty.https.port=8443
 etc/jetty-https.xml

Is there a general way I can tell if Jetty will take any https page request? In its log it seems to come up okay from what I did, namely:

  2013-10-04 20:48:43.520:INFO:oejs.ServerConnector:main: Started ServerConnector@73c87405{HTTP/1.1}{0.0.0.0:80}
  2013-10-04 20:48:43.692:INFO:oejs.ServerConnector:main: Started ServerConnector@4194f034{SSL-http/1.1}{0.0.0.0:8443}

Also, for my Config.groovy defining the secure channels I have:

grails.plugins.springsecurity.secureChannel.definition = [
  '/cert/cpnimember': 'REQUIRES_INSECURE_CHANNEL',
  '/cert/page1': 'REQUIRES_SECURE_CHANNEL',
  '/cert/page2': 'REQUIRES_SECURE_CHANNEL',
  '/cert/page3': 'REQUIRES_SECURE_CHANNEL',
  '/cert/page4': 'REQUIRES_INSECURE_CHANNEL'
]

I'm not sure how to debug this. I'd like to go to some page on my jetty 9 server that requires https/ssl just to make sure that it works without the spring-security core defined channels, but don't know what that is.

Can you provide help on how to debug this or what is wrong?

Thanks.


This question is a similar answer to the simplified question I created and offered a bounty. Now that the other question's bounty is awarded I can remove this question. BUT, it is not letting me remove or delete it, so ...

Bhargav Rao
Ray
  • Is etc/jetty-https.xml correct? Or is it supposed to be /etc/jetty-https.xml? – Vinny Oct 09 '13 at 02:55
  • All I did was uncomment the lines in the file, didn't change the path, but I can try it with a leading "/" and will let you know if it works, thanks for the idea. – Ray Oct 09 '13 at 05:25
  • ... no, it should be a relative path, it's done like this all over this file. – Ray Oct 09 '13 at 05:28

1 Answer


It seems to me that Jetty is redirecting an anonymous request to be logged in (authenticated) to some login screen. Does a login screen exist?

Vinny
  • No, I don't see a login screen. I'm able to see my application, all is good, until I try to go to a "page" (really a controller action, like /cert/page2), that "REQUIRES_SECURE_CHANNEL", and then the browser complains "the webpage has a redirect loop". Chrome won't let me see it in debug, but Firefox will, and it pulls the same page over and over. Perhaps it is some kind of port issue, but I've tried altering the various http and https port values and nothing helps. – Ray Oct 09 '13 at 04:55
  • I think the Jetty SSL instructions are lacking -- I mean they are good in explaining how to set up the certificate -- but not how to set up SSL, that's very confusing to me. In my other question -- related, but simplified -- I set up the most basic Grails app -- which takes a matter of minutes, but can't get it to work on the server either, only on my desktop running Jetty in the grails development environment. – Ray Oct 09 '13 at 04:57
  • thanks -- if you go to my other post, at the top, you can actually see the behavior on the server (live). – Ray Oct 09 '13 at 05:24
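
For the debugging question asked above (does Jetty answer on HTTPS, and where does the channel-security redirect actually point), one approach is to walk the redirect chain one hop at a time and read each Location header. This is an added example, not code from the question or its answer; the host example.test and the response table are constructed, and it makes no claim about the cause of the loop on the poster's server.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

def fetch_location(url):
    """One GET, redirects not followed. Returns (status, Location header or None)."""
    p = urlsplit(url)
    if p.scheme == "https":
        # Default context verifies the certificate: a keystore problem raises ssl.SSLError here.
        conn = http.client.HTTPSConnection(p.hostname, p.port or 443, timeout=10,
                                           context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(p.hostname, p.port or 80, timeout=10)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(start_url, fetch=fetch_location, max_hops=10):
    """Walk the chain hop by hop. Returns (hops, verdict), verdict being
    'final', 'loop' or 'too-many-hops'; each hop is (url, status, location)."""
    hops, seen, url = [], set(), start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in (301, 302, 303, 307, 308) or not location:
            return hops, "final"
        seen.add(url)
        url = urljoin(url, location)  # Location may be relative
        if url in seen:
            return hops, "loop"
    return hops, "too-many-hops"

# Constructed responses (not captured from the poster's server): the plain-HTTP
# request is sent to port 8443, where the same URL is redirected to itself.
CONSTRUCTED = {
    "http://example.test/cert/page1": (302, "https://example.test:8443/cert/page1"),
    "https://example.test:8443/cert/page1": (302, "https://example.test:8443/cert/page1"),
    "http://example.test/cert/page4": (200, None),
}

def constructed_fetch(url):
    return CONSTRUCTED[url]

if __name__ == "__main__":
    print(trace_redirects("http://example.test/cert/page1", constructed_fetch))
```

Against a real server, call `trace_redirects(url)` with the default fetch and compare the scheme and port in each Location with the connectors Jetty reports as started in its log.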