It's taken more time to get back to this topic but it's time. In part 1, I covered how to set up GlassFish to push all HTTP traffic to HTTPS. In this post, I'll show you how to set up the reverse. In the next post, I'll cover how to configure GlassFish to serve up multiple protocols from the same port. The steps are basically the same so this will be a short one. Similar to last time, we'll issue a few simple commands:
asadmin create-protocol --securityenabled=true https-redirect asadmin create-protocol-filter --protocol https-redirect --classname com.sun.grizzly.config.HttpRedirectFilter redirect-filter asadmin create-ssl --certname s1as --type network-listener --ssl2enabled false --ssl3enabled false --clientauthenabled false https-redirect asadmin create-protocol pu-protocol asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder asadmin create-protocol-finder --protocol pu-protocol --target-protocol https-redirect --classname com.sun.grizzly.config.HttpProtocolFinder https-redirect asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true
This should familiar if you've read part 1. We do a little extra work to set up some ssl config elements primarily to preserve the standard settings in case you want to roll back these changes when you're done. If you do, you simply need to delete those new protocol elements.
To see it in action, simply issue the following command:
wget -q -S --no-check-certificate https://localhost:8181/
You should see something like the following:
HTTP/1.1 302 Moved Temporarily Location: http://localhost:8181/ Connection:close Cache-control: private HTTP/1.1 200 OK X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6) Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT Accept-Ranges: bytes ETag: W/"5212-1279828070000" Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT Content-Type: text/html Content-Length: 5212 Date: Fri, 23 Jul 2010 16:50:22 GMT Connection: Keep-Alive
As you can see, the https request received an initial 302 response pushing off to the http url which then returns the 200 response we'd expect. To verify even further, use wget to fetch the http url and you'll see something like this:
HTTP/1.1 200 OK X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6) Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT Accept-Ranges: bytes ETag: W/"5212-1279828070000" Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT Content-Type: text/html Content-Length: 5212 Date: Fri, 23 Jul 2010 16:57:31 GMT Connection: Keep-Alive
That's it. As promised, short and sweet. Currently this approach does not allow you redirect to a different port number. We have added a new configuration element that simplifies this setup and allows for cross-port redirects. However since there isn't asadmin support for it yet, I'll defer discussion until we can get those commands written. That's in the works so it should be in the next week or two.
With that, though, I'll wrap this one up and start working on the more interesting Part 3.