ssl.port?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

ssl.port?

Janne Jalkanen
Heya!

How do I tell shiro that my SSL sits on 8443 instead of 443, if my http port is 8080? The following does not work:

[main]
ssl.port = 8443

[urls]
/admin/** = ssl

Access to http://host:8080/admin/foo redirects to https://host:8080/admin/foo, not https://host:8443/admin/foo.

Am I misunderstanding something about the configuration?

(It looks to me like PortFilter.onAccessDenied() appends the request.getServerPort() instead of the port. If I now read this correctly [might not, this is my first foray into Shiro source], it appears that you can only have SSL on 443 or 80, or else it must be on the same port as the request itself (?))

/Janne
Reply | Threaded
Open this post in threaded view
|

Re: ssl.port?

Les Hazlewood
Administrator
Hi Janne,

I remember having a problem with this myself a while ago and I had to
come up with a custom fix.  Could you please open a Jira issue?  I can
contribute that fix back to the project - it just slipped my mind.

Thanks,

Les

On Thu, Sep 9, 2010 at 7:42 AM, Janne Jalkanen <[hidden email]> wrote:

> Heya!
>
> How do I tell shiro that my SSL sits on 8443 instead of 443, if my http port is 8080? The following does not work:
>
> [main]
> ssl.port = 8443
>
> [urls]
> /admin/** = ssl
>
> Access to http://host:8080/admin/foo redirects to https://host:8080/admin/foo, not https://host:8443/admin/foo.
>
> Am I misunderstanding something about the configuration?
>
> (It looks to me like PortFilter.onAccessDenied() appends the request.getServerPort() instead of the port. If I now read this correctly [might not, this is my first foray into Shiro source], it appears that you can only have SSL on 443 or 80, or else it must be on the same port as the request itself (?))
>
> /Janne
Reply | Threaded
Open this post in threaded view
|

Re: ssl.port?

Janne Jalkanen

Done. https://issues.apache.org/jira/browse/SHIRO-190

/Janne

On Sep 9, 2010, at 20:58 , Les Hazlewood wrote:

> Hi Janne,
>
> I remember having a problem with this myself a while ago and I had to
> come up with a custom fix.  Could you please open a Jira issue?  I can
> contribute that fix back to the project - it just slipped my mind.
>
> Thanks,
>
> Les
>
> On Thu, Sep 9, 2010 at 7:42 AM, Janne Jalkanen <[hidden email]
> > wrote:
>> Heya!
>>
>> How do I tell shiro that my SSL sits on 8443 instead of 443, if my  
>> http port is 8080? The following does not work:
>>
>> [main]
>> ssl.port = 8443
>>
>> [urls]
>> /admin/** = ssl
>>
>> Access to http://host:8080/admin/foo redirects to https://host:8080/admin/foo 
>> , not https://host:8443/admin/foo.
>>
>> Am I misunderstanding something about the configuration?
>>
>> (It looks to me like PortFilter.onAccessDenied() appends the  
>> request.getServerPort() instead of the port. If I now read this  
>> correctly [might not, this is my first foray into Shiro source], it  
>> appears that you can only have SSL on 443 or 80, or else it must be  
>> on the same port as the request itself (?))
>>
>> /Janne

Reply | Threaded
Open this post in threaded view
|

Re: ssl.port?

Les Hazlewood-2
Thanks!

On Thu, Sep 9, 2010 at 11:34 AM, Janne Jalkanen
<[hidden email]> wrote:

>
> Done. https://issues.apache.org/jira/browse/SHIRO-190
>
> /Janne
>
> On Sep 9, 2010, at 20:58 , Les Hazlewood wrote:
>
>> Hi Janne,
>>
>> I remember having a problem with this myself a while ago and I had to
>> come up with a custom fix.  Could you please open a Jira issue?  I can
>> contribute that fix back to the project - it just slipped my mind.
>>
>> Thanks,
>>
>> Les
>>
>> On Thu, Sep 9, 2010 at 7:42 AM, Janne Jalkanen <[hidden email]>
>> wrote:
>>>
>>> Heya!
>>>
>>> How do I tell shiro that my SSL sits on 8443 instead of 443, if my http
>>> port is 8080? The following does not work:
>>>
>>> [main]
>>> ssl.port = 8443
>>>
>>> [urls]
>>> /admin/** = ssl
>>>
>>> Access to http://host:8080/admin/foo redirects to
>>> https://host:8080/admin/foo, not https://host:8443/admin/foo.
>>>
>>> Am I misunderstanding something about the configuration?
>>>
>>> (It looks to me like PortFilter.onAccessDenied() appends the
>>> request.getServerPort() instead of the port. If I now read this correctly
>>> [might not, this is my first foray into Shiro source], it appears that you
>>> can only have SSL on 443 or 80, or else it must be on the same port as the
>>> request itself (?))
>>>
>>> /Janne
>
>
Reply | Threaded
Open this post in threaded view
|

Re: ssl.port?

Les Hazlewood-2
I just looked at the code for this, and I think all that is required
is to change PortFilter's line 110 from:

sb.append(request.getServerPort());

to:

sb.append(port);

That should do the trick.

I'll commit shortly.

On Thu, Sep 9, 2010 at 12:02 PM, Les Hazlewood <[hidden email]> wrote:

> Thanks!
>
> On Thu, Sep 9, 2010 at 11:34 AM, Janne Jalkanen
> <[hidden email]> wrote:
>>
>> Done. https://issues.apache.org/jira/browse/SHIRO-190
>>
>> /Janne
>>
>> On Sep 9, 2010, at 20:58 , Les Hazlewood wrote:
>>
>>> Hi Janne,
>>>
>>> I remember having a problem with this myself a while ago and I had to
>>> come up with a custom fix.  Could you please open a Jira issue?  I can
>>> contribute that fix back to the project - it just slipped my mind.
>>>
>>> Thanks,
>>>
>>> Les
>>>
>>> On Thu, Sep 9, 2010 at 7:42 AM, Janne Jalkanen <[hidden email]>
>>> wrote:
>>>>
>>>> Heya!
>>>>
>>>> How do I tell shiro that my SSL sits on 8443 instead of 443, if my http
>>>> port is 8080? The following does not work:
>>>>
>>>> [main]
>>>> ssl.port = 8443
>>>>
>>>> [urls]
>>>> /admin/** = ssl
>>>>
>>>> Access to http://host:8080/admin/foo redirects to
>>>> https://host:8080/admin/foo, not https://host:8443/admin/foo.
>>>>
>>>> Am I misunderstanding something about the configuration?
>>>>
>>>> (It looks to me like PortFilter.onAccessDenied() appends the
>>>> request.getServerPort() instead of the port. If I now read this correctly
>>>> [might not, this is my first foray into Shiro source], it appears that you
>>>> can only have SSL on 443 or 80, or else it must be on the same port as the
>>>> request itself (?))
>>>>
>>>> /Janne
>>
>>
>