Apache URL rewriting is black magic. I have recently used it to enable SSL for a selected set of pages in a portal. Typically each portal page hosts many portlets, and when we connect to a page, each page request/response carries all the data for these portlets. When we would like SSL connectivity for a portlet, we have to access the complete page via SSL. We cannot choose only some of the portlets to work with SSL; we can only decide whether the complete page request/response uses SSL. When the page is served over SSL, every portlet in that page is served over an SSL connection.
To summarize, we must choose one of these options:
1) All of the portlets in the page work with SSL.
2) None of the portlets in the page have SSL.
Assume we would like to go with option 1: the browser-server connection must be SSL (i.e. the URL starts with “https://”). The truth is that what I describe here is not about portlet development; it is about securing a page using the URL rewriting features of the Apache web server.
The solution is simple and generic: use a web server in front of the application server for SSL support. You can use the Apache web server for this purpose.
Here are the basic steps for this style of SSL configuration:
1) Download XAMPP and activate the SSL module. It is the simplest way to install and get started with the Apache web server.
2) Open xampp\apache\conf\extra\httpd-proxy.conf and add these lines to the file:
ProxyVia On
ProxyPass /portal/ http://localhost:8080/portal/
ProxyPassReverse /portal/ http://localhost:8080/portal/
ProxyPreserveHost On
Meaning: When a URL starts with “/portal”, forward it to “http://localhost:8080/portal/”, i.e. the Apache Tomcat instance running your web application.
3) Open the xampp\apache\conf\httpd.conf file and add these lines to the end of the file to enable URL rewriting:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/portal/secure(/.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Meaning: If the port is not equal to 443 (SSL) and the URL starts with “/portal/secure”, then change the URL to https and redirect to the https connection.
Configuration is done.
Let's try an example.
Assume that the application server runs at http://localhost:8480
and the URL of a page that contains your portlets starts with /portal/secure/testssl.
Try connecting to http://localhost/portal/secure/testssl; the web server will redirect you to the https://localhost/portal/secure/testssl address.
This is a secure connection because it starts with “https://”.
So, what happened? How did the http connection become a https connection?
1) Apache checks the URL: the port is not 443 and the URL starts with /portal/secure, so the request is redirected to the https connection.
2) When the https connection is made, Apache checks the URL, and if it starts with /portal, it is forwarded to Tomcat (localhost:8480/portal).
With this solution, the browser-Apache connection (internet) has SSL support, but the Apache-application server connection (internal network) is plain http.
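As an added example (not part of the original post and not Apache's own code), the Python sketch below models the RewriteCond/RewriteRule and ProxyPass lines above, in the order the walkthrough describes, to show which requests on port 80 are redirected and which are still proxied over plain http. The function names and sample paths are made up for illustration; the backend address is the one from the ProxyPass lines.

```python
import re

# Pattern and proxy mapping copied from the configuration in this post.
SECURE_RULE = re.compile(r"^/portal/secure(/.*)$")
PROXY_PREFIX = "/portal/"
BACKEND = "http://localhost:8080/portal/"


def route(port, server_name, request_uri):
    """Model one request: rewrite check first, then the proxy mapping.

    Returns (action, scheme used by the browser, target URL or None).
    """
    path, _, query = request_uri.partition("?")
    suffix = "?" + query if query else ""  # query string is passed through
    scheme = "https" if port == 443 else "http"
    # RewriteCond %{SERVER_PORT} !^443$  followed by  RewriteRule ... [L,R]
    if not re.search(r"^443$", str(port)) and SECURE_RULE.search(path):
        return ("redirect", scheme, "https://" + server_name + path + suffix)
    # ProxyPass /portal/ http://localhost:8080/portal/
    if path.startswith(PROXY_PREFIX):
        return ("proxy", scheme, BACKEND + path[len(PROXY_PREFIX):] + suffix)
    return ("local", scheme, None)


def plaintext_portal_paths(paths, server_name="localhost"):
    """Paths that reach the backend on port 80 without being redirected."""
    return [p for p in paths
            if route(80, server_name, p)[:2] == ("proxy", "http")]


# Constructed sample requests (hypothetical, not taken from a real log).
SAMPLES = [
    "/portal/secure/testssl",
    "/portal/secure/testssl?tab=2",
    "/portal/secure",          # no trailing slash: the pattern requires "/"
    "/portal/Secure/testssl",  # pattern is case-sensitive (no [NC] flag)
    "/portal/securearea/x",
    "/portal/public/home",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", route(80, "localhost", uri))
    print("served over plain http:", plaintext_portal_paths(SAMPLES))
```

Paths such as /portal/secure without a trailing slash, or /portal/Secure/... with different casing, fall outside the pattern and are proxied without a redirect, so compare the rule against the real page URLs before relying on it.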