1

We have a load-balancer sitting in front of two JBoss AS7 servers. The load-balancer handles the SSL handshake and forces all traffic over https (http requests are redirected to https requests), the AS nodes do not have certificates on them and traffic between load balancer and servers is unencrypted, the AS nodes know nothing about the SSL.

When a user hits a protected page the AS presents them with a login page. User enters credentials and submits the login form. The AS logs user in and then sends a redirect to the user to send them to the desired page. The redirect sent by the AS is an HTTP redirect. This gets grabbed by the load-balancer and redirected to HTTPS but I really want to avoid that second redirect. How can I tell the AS to return HTTPS redirect after login instead of HTTP?

Stinger
  • 160
  • 1
  • 10

1 Answers1

2

After much searching I found that when sending a relative url redirect JBoss AS7 auto converts it to an absolute url before returning a response to the client. JBoss makes internal calls to request.getScheme() and request.getPort() to determine how to build the absolute url. The return value of those calls is controlled by the standalone.xml file via the connector tag under the web:1.1 subsystem.

This is the default connector that ships in the standalone.xml file:

<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

The scheme attribute on that tag is the return value of request.getScheme() and even though the communication between the load-balancer and the AS7 node is over HTTP you can tell JBoss that the scheme to append to absolute urls is HTTPS, you can also specify the proxy-port:

<connector name="http" protocol="HTTP/1.1" scheme="https" socket-binding="http" proxy-port="443"/>

Now when you tell jboss to send a redirect to /some/url.html the client recieves https://domain-name/some/url.html and everything works peachy.

Stinger
  • 160
  • 1
  • 10