Javalin 5 Secure Connections
This is another follow-up to a now out-of-date earlier walkthrough.
The first follow-up is here: Jetty 11 Secure Connections
(So, yes, this is a follow-up to a follow-up.)
In this note I look at how to replace my custom Jetty server configuration with two Javalin plug-ins:
- the community-provided SSL plugin
- a bundled plugin which enables redirection of requests from an insecure http connection to a secure https connection.
SSL Plugin
The SSL plugin has various well-documented options - but here is a simple set-up:
The import:
|
|
My ports:
|
|
The config:
|
|
When Javalin starts, you will see log messages similar to the following:
|
|
And, prior to that, more detailed Jetty messages - one for the insecure (http) connector, and one for the secure (https) connector:
|
|
One point to note: that h2c protocol for the insecure connector represents HTTP/2 “cleartext”.
You can control much more than just the attributes shown above - check the Javadoc and tutorial.
Patching an Existing Jetty Server
The SSL plugin supports patching an existing instance of your Jetty server:
|
|
The Jetty server can be created however you need - similar to the example shown here - but without the logic which creates connectors, since those are now created by the SSL plugin.
You can therefore customize your Jetty server however you wish, manually - but then use the SSL plugin to handle creation of the Jetty connectors.
Important: In this situation, you no longer need to register the SSL plugin:
|
|
Acknowledgements - A very big thank you to the creator of the SSL plugin for helping me to understand how to use the SSL plugin.
Traffic Redirection
For insecure-to-secure redirection, there is a separate bundled plugin:
|
|
That takes care of routing http traffic to https - but with a couple of caveats:
- no redirection is performed for localhost hosts.
- only the protocol is changed (http to https) - so if you are using non-standard ports (something other than 80 and 443) then those will not be changed.
You can see the source code here.
It’s a straightforward approach. You could write your own version, if needed.
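As a sketch of what "your own version" could look like, here is an added example (not code from this post, from Javalin, or from the bundled plugin) that builds the redirect target with the port rewritten as well as the protocol. The secure port 8443, the host names and the class and method names are assumptions for illustration; in Javalin the method would be called from a before-handler with the request's scheme, Host header, path and query string. Because the Host header is supplied by the client, the sketch only redirects to host names on an allow-list.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public final class HttpsRedirect {
    // Assumed values for illustration: adjust to your own connectors and host names.
    static final int INSECURE_PORT = 8080;
    static final int SECURE_PORT = 8443;
    static final Set<String> ALLOWED_HOSTS = Set.of("localhost", "app.example.test");

    /** Returns the https URL to redirect to, or empty if the request should be left alone. */
    static Optional<String> target(String scheme, String hostHeader, String path, String query) {
        if (!"http".equalsIgnoreCase(scheme) || hostHeader == null) {
            return Optional.empty(); // already secure, or no Host header to work from
        }
        String host = hostHeader;
        int port = 80; // default when the Host header carries no port
        int colon = hostHeader.lastIndexOf(':');
        if (colon > 0 && !hostHeader.endsWith("]")) { // "]" ends a bare IPv6 literal
            try {
                port = Integer.parseInt(hostHeader.substring(colon + 1));
            } catch (NumberFormatException e) {
                return Optional.empty(); // malformed port: do not build a URL from it
            }
            host = hostHeader.substring(0, colon);
        }
        // The Host header is client-controlled, so only redirect to names we serve.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            return Optional.empty();
        }
        if (port != INSECURE_PORT && port != 80) {
            return Optional.empty(); // not one of our insecure listeners
        }
        int securePort = (port == 80) ? 443 : SECURE_PORT;
        String authority = (securePort == 443) ? host : host + ":" + securePort;
        String safePath = (path != null && path.startsWith("/")) ? path : "/";
        String suffix = (query == null || query.isEmpty()) ? "" : "?" + query;
        return Optional.of("https://" + authority + safePath + suffix);
    }

    public static void main(String[] args) {
        // Constructed sample requests: scheme, Host header, path, query string.
        System.out.println(target("http", "localhost:8080", "/test", null));
        System.out.println(target("http", "app.example.test", "/a", "x=1"));
        System.out.println(target("http", "unknown.example.test:8080", "/test", null));
        System.out.println(target("https", "localhost:8443", "/test", null));
    }
}
```

Unlike the bundled plugin, this version does redirect localhost, which is convenient for local testing but is exactly the situation where the HSTS behaviour described in the next section can get in the way.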
A Note on HSTS
HSTS (HTTP Strict Transport Security) configurations used by your browser may interfere with your attempts to manage http and https connections and reroutes.
One symptom of this is if your browser navigation bar inexplicably insists on changing a valid URL such as:
http://localhost:8080/test
…to an invalid one such as:
https://localhost:8080/test
Note the protocol has changed but the port number is still 8080.
There are plenty of articles discussing ways to fix this. Here is one:
Re-Hashed: How to clear HSTS settings in Chrome and Firefox
Or, try a different port number.
Author northCoder
LastMod 26-Jan-2023