HTTPS Login for Hudson deployed in Sun Java System Webserver 7
I helped setup Hudson for my group's automated builds. We want to use HTTPS for secure transmission of passwords when logging in, but plain HTTP is fine for use of the application itself. Here is how we set this up in Sun Java System Webserver 7:
- Install a certificate to be used for HTTPS into SJSWS.
- Add a second http-listener in the SJSWS configuration, so it now listens on both port 80 for http and port 443 for https.
- Navigate to the Virtual Server config, Content Handling tab, URL Redirects
subtab.
Add the following two redirects:
- Condition: $url =~ '^http://[^/]*/login'
TargetURL: https://{server-hostname}
Fixed URL: not checked - Condition: $url =~ '^https:' and $uri !~
'^/(login|j_acegi_security_check)'
TargetURL: http://{server-hostname}
Fixed URL: not checked
- Condition: $url =~ '^http://[^/]*/login'
- Manually edit
$SJSWS_HOME/admin-server/config-store/{config-name}/config/{server-name}-obj.conf
Find this line: NameTrans fn="ntrans-j2ee" name="j2ee"
Move this line just below the last "</If>" line for the URL redirects. - Deploy the configuration changes
The manual edit is unfortunate, but the default setup hands off requests to J2EE webapps before processing redirects... so requests handled by Hudson would
ignore these redirect rules. Moving that line down allows the redirects to
work.
NOTE: if you ever add/edit any of these redirects using SJSWS admin
console then you need to again manually edit this file and move that line. It
will always add new/editing entries just below that line.
How the redirects work:
When you visit Hudson it will be HTTP. When you click the login link the first
redirect jumps you over to HTTPS. The second redirect rule allows HTTPS requests
for 3 things:
- /login -- viewing of the login page
- /loginError -- any errors when logging in
- /j_acegi_security_check -- this is where the actual login request with username/password is POSTed
Posted at 01:41PM Mar 12, 2009 by mindless in Sun | Comments[1]