How to stop the redirectPort attribute from being ignored in JBoss
Due to a transformation in the ServiceBindingManager in JBoss 5, the redirectPort in server.xml is overridden and replaced with httpPort + 363, as follows:
<xsl:variable name="portHttps" select="$port + 363"/>
This seems nice and automatic, but can cause automatic redirects to go to the above port, instead of the port you have set in server.xml
In a production environment, the server may be listening on ports 8080/8443. If using a CONFIDENTIAL transport guarantee for some sections of the application, we would want redirects to SSL in the browser to go to port 443, not 8443. Therefore, we use a redirectPort of 443 in the <Connector> element in server.xml (which is actually the default anyway).
However, this section in bindings-jboss-beans.xml overrides this and changes our redirectPort to 8080+363 (8443).
ie:
- 1) we go to http://oursite.com
- 2) it redirects to SSL, and ends up on :8443
- 3) the browser shows https://oursite.com:8443/somepage (unintended behaviour, should not contain :8443)
You can see the real server.xml file that JBoss uses for deployment, after the transformation has been applied, in the server/all/tmp folder. Look for a file named service-binding63562.tmp or similar. Each time it generates, it creates a new file like this, with a new random number. Anyway, we don't want that behaviour, so let's disable it...
nano server/all/conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml
Comment out this section:
<xsl:when test="(name() = 'redirectPort')">
<xsl:attribute name="redirectPort"><xsl:value-of select="$portHttps" /></xsl:attribute>
</xsl:when>
Now our redirectPort setting is used correctly.
- 1) we go to http://oursite.com
- 2) it redirects to SSL, and ends up on :443
- 3) the browser shows https://oursite.com/somepage (intended behaviour)
