After you enable HTTPS access to Squore Server following the steps described in the section called “Accessing Squore via HTTPS”, you can redirect insecure traffic to HTTPS by modifying the web server's configuration and the Squore Server application:
Stop Squore Server
Extract the settings file:
cd <SQUORE_HOME>/deploy jar xf squore-server.ear jar xf squore-web.war
Modify Squore Server's web.xml:
Open <SQUORE_HOME>/deploy/squore-web.war/WEB-INF/web.xml
in a text editor
Add the following security-constraint
element before
the closing web-app
element, as shown below:
<?xml version="1.0" encoding="UTF-8"?> <web-app> (...) <security-constraint> <web-resource-collection> <web-resource-name>SECURE</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app>
Repackage the application:
cd <SQUORE_HOME>/deploy jar cf squore-web.war jar cf squore-server.ear
Edit the http
connector
in <SQUORE_HOME>/server/standalone/configuration/standalone.xml to add a redirection to the https port:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8543" />
Deploy the patched application following the instructions on https://openwiki.squoring.com/index.php/Deploying_A_Patch#Since_Squore_16.1.2.
Instead of using the command line, you can use 7zip on Windows to open the .ear and .war files and directly patch their contents.