colinj
Contributor
Contributor

Orchestrator Configuration - redirecting http to https

Before I go digging through the bowels of JBoss I thought I would ask here about the right way to redirect all http traffic to https for Orchestrator. I want to ensure that when someone wants to access a workflow they are forced to go through the https port even if they use http in the connection string.

Does anyone have any thoughts on this? Or should I go straight to the configuration files and treat this like a JBoss level problem?

Thanks!

0 Kudos
1 Reply
colinj
Contributor
Contributor

Here's what I've found so far. This is assuming that the vCO installation is a real JBoss installation and doesn't just look like one.

In the web.xml file create the following:

<security-constraint>
     <web-resource-collection>
          <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>

     </web-resource-collection>
     <!-- auth-constraint goes here if you requre authentication -->
     <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>

This should force all connections through the https port. Now, if I can just find the web.xml file to see if I can add this.

0 Kudos