Hello Forum,

I am using Joget in a secured SSL / HTTPS configuration and come across some issues:

(1) configure SSL for limited url's, e.g. only login pages.

(2) the use of Jasper reports in SSL secured environment seems not to work properly

(1)

Since SSL has quite a lot of performance impact I would like to apply SSL only to login pages, but do not manage to accomplish this.

In web.xml I tried to use this rule to force https which does not work:

   <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <!- auth-constraint goes here if you requre authentication ->
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>      
   <security-constraint>

      <web-resource-collection>

        <web-resource-name>Protected Context</web-resource-name>

        <url-pattern>/jw/web/login</url-pattern>

      </web-resource-collection>

      <!- auth-constraint goes here if you requre authentication ->

      <user-data-constraint>

         <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

   </security-constraint>      

When I use url pattern "/*" the whole site is properly forced to https.
But when I use "/jw/web/login" or "/jw/web/login/*" or both it does not work.

2)
When I use https, the report will not be shown in the browser, but I get errors in the log  :
Dec 06, 2013 9:45:47 PM org.joget.plugin.enterprise.JasperReportsMenu getRenderPage
SEVERE: No route to host
java.net.NoRouteToHostException: No route to host
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)

The Jasper export to PDF however still works.

I hope you can give any ideas to solve these SSL security and Jasper issues.

Best Regards, 
Joost van der Schoot

  • No labels