user2066880
Reputation: 5034
Jetty: Configure SSL connector to only serve specific resource(s)
Apologies in advance if I'm using terms incorrectly, I'm not familiar with Jetty.
I've attached an SSL connector to my Jetty server. Now, my public resources are accessible through both http and https. I would like to restrict the resources served from https, preferably by checking against some URI pattern. How would I accomplish this?
Upvotes: 0
Views: 39
Answers (1)
Joakim Erdfelt
Reputation: 49452
Use the standard servlet <security-constraint> configurations in your WEB-INF/web.xml
Example:
<security-constraint>
<web-resource-collection>
<web-resource-name>Force SSL on /private/ url-patterns</web-resource-name>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Upvotes: 1
Related Questions
- Jetty: How to use SSL in Jetty client side
- Is there a way to force Jetty to only use HTTPS?
- Jetty - ipaccess per connector?
- In Jetty, how to support certificate authentication only on a subset of API
- Configure SSL on Jetty
- How to configure jetty to request client certificate for specified resources?
- How do I disallow particular SSL protocols in Jetty?
- Jetty configuration to disable all SSL checks
- Jetty HTTP Client with SSL
- Jetty require SSL client certificate by URL