http - Jetty 9.2.1 将 http 重定向到 https

Question

谁能帮忙把代码从 jetty 8 迁移到 9.2.1。

我需要让 jetty 监听端口 80 (http) 并将每个请求重定向到 443 (https)。

这是 jetty 8 的代码，但在 9.2.1 上不起作用。版本 9 使用 ServerConnector，但我找不到有关如何使用 setConfidentialPort 属性的示例。

Server server = new Server();

//Create a connector on port 80 to listen for HTTP requests
SelectChannelConnector httpConnector = new SelectChannelConnector();
httpConnector.setPort(80);
server.addConnector(httpConnector);

//Create a connector on port 443 to listen for HTTPS requests
SslSocketConnector httpsConnector = new SslSocketConnector();
httpsConnector.setPort(443);
httpsConnector.setKeystore("name_of_the_keystore");
httpsConnector.setPassword("password_for_the_keystore");
httpsConnector.setKeyPassword("password_for_the_key");
server.addConnector(httpsConnector);

//Redirect the HTTP requests to HTTPS port
httpConnector.setConfidentialPort(443);

Answer 1

我自己也遇到过这个问题。我通过使用在 https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https 找到的 web.xml 转换示例来解决这个问题进入以下内容:

基本上，您必须添加一个安全约束，强制所有路径的所有数据保密，否则会抛出 !403 错误。然后配置 http 连接器将所有 !403 错误重定向到 https:

Server server = new Server();

// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.addCustomizer(new SecureRequestCustomizer());

//these two settings allow !403 errors to be redirected to https
http_config.setSecureScheme("https");
http_config.setSecurePort(443);

//setup the secure config using the original http config + SecureRequestCustomizer
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());

// SSL Context Factory - tells how to access certificate info
SslContextFactory sslContextFactory = new SslContextFactory();
 sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("keystorepassword");
sslContextFactory.setKeyManagerPassword("keymanagerpassword");

//Create a connector on port 80 to listen for HTTP requests (that will get redirected)
ServerConnector httpConnector = new ServerConnector(server);
httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
httpConnector.setPort(80);

//Connector on port 443 for HTTPS requests
ServerConnector sslConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
        new HttpConnectionFactory(https_config));
sslConnector.setPort(443);

//setup the constraint that causes all http requests to return a !403 error
ConstraintSecurityHandler security = new ConstraintSecurityHandler();        

Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);

//makes the constraint apply to all uri paths        
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );

security.addConstraintMapping(mapping);

//in my case I also define a ServletContextHandler for managing SpringMVC beans
//that I daisy-chain into the security handler like so:
//security.setHandler(servletContextHandler);

server.setHandler(security);
server.setConnectors(new Connector[] { httpConnector, sslConnector });

server.start();
server.join();