Reputation: 4175
How to prevent redirection to SSL port with weblogic?
I have a webapp in a Weblogic (10.3) application. Weblogic listens on port 7001 for regular connections and 7002 for SSL connections.
The application is behind a Sun ONE web server (a.k.a. iPlanet) 6.1, that listens on port 80 for HTTP request and 443 for HTTPS requests, and redirects to the appropriate weblogic port.
I would like my webapp to run only on secure connections, so I have added a security-constraint in my web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This redirects correctly incoming requests to HTTPS, but also appends the weblogic port to the URL. For example, the incoming request http://example.com/ is redirected to https://example.com:7002/. This is a problem because:
- I don't want the user to see that port
- More importantly, the static resources are not displayed because the webserver doesn't know how to serve them (it expects SSL requests on port 443).
- Anyway in production there will be an SSL offloader and I am not sure Weblogic will even listen to a SSL port, so it will likely not work at all.
Is there a way to configure the redirection so that the incoming URL is not touched except for the protocol? That is so that http://example.com/ would be redirected to https://example.com/?
This is basically the same question as How to avoid redirecting to SSL port, but for Weblogic. Ideally it should be a webapp-specific solution, but I am also open to application-wide or worst case server-wide solutions.
Upvotes: 4
Views: 9458
Answers (2)
Reputation: 285
we have webserver, f5 in front of weblogic as well. our weblogic did not enable ssl listerning at all, other device take care of ssl. but since the new requirement need us to use secure cookie, we have to automatically redirect http to https, below is what we do
- enable ssl listening in weblogic console
- set frontend-https-port to 443
when enable ssl listening (default is 7002) , weblogic will automatically redirect http to https accoring to web.xml configuration ( CONFIDENTIAL) frontend-https-port will override 7002 with 443.
Upvotes: 1
Reputation: 913
You can set the frontendhost value and a secure port value, this can be set at a domain/server level
This will ensure your servers ip and port are not appended to the url.
Also did you set the WebLogic Plug-in Enabled Control in WebLogic Server ?
Upvotes: 4
Related Questions
- Redirect on weblogic
- Weblogic application switches back to http after secure login via https
- Weblogic redirecting https to http
- Weblogic dont detect https from load balancer
- Modifiying Weblogic Server to use TLS
- enabling HTTPs on weblogic server not working
- enabling SSL on weblogic
- Avoid HTTP to HTTPS redirection in Weblogic
- How to redirect http request to https on websphere application server
- How to avoid redirecting to SSL port