access to DDF via HTTP

[Joel Millage]

We are running DDF 2.8.3 currently and I am trying to get it to run behind a reverse proxy server that has HTTPS already configured (customer specification) so I just want to run in HTTP only for DDF.

I modified org.ops4j.pax.web.cfg and turned on HTTP, I then changed system.properties port to be 8181 to match httpPort and then changed protocol in there to be http:// 

but when i try to access http://<url>:8181/admin or /search I get errors in my log like:

org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken could not be asserted: Not an HTTPs connection

at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor.assertHttps(HttpsTokenInterceptorProvider.java:198)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor.handleMessage(HttpsTokenInterceptorProvider.java:135)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)[131:org.apache.cxf.cxf-core:3.0.4]

at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)[131:org.apache.cxf.cxf-core:3.0.4]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)[131:org.apache.cxf.cxf-core:3.0.4]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)[131:org.apache.cxf.cxf-core:3.0.4]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)[131:org.apache.cxf.cxf-core:3.0.4]

at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:848)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)[178:org.apache.cxf.cxf-rt-ws-security:3.0.4]

at ddf.security.realm.sts.AbstractStsRealm.requestSecurityToken(AbstractStsRealm.java:280)[270:security-sts-realm:2.8.3.SNAPSHOT]

at ddf.security.realm.sts.AbstractStsRealm.doGetAuthenticationInfo(AbstractStsRealm.java:241)[270:security-sts-realm:2.8.3.SNAPSHOT]

at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)[210:org.apache.shiro.core:1.2.3]

at Proxy5c96ae93_9862_494a_b3b4_26554ff57e7a.getAuthenticationInfo(Unknown Source)[:]

at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219)[210:org.apache.shiro.core:1.2.3]

at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)[210:org.apache.shiro.core:1.2.3]

at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)[210:org.apache.shiro.core:1.2.3]

at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)[210:org.apache.shiro.core:1.2.3]

at ddf.security.service.impl.SecurityManagerImpl.getSubject(SecurityManagerImpl.java:101)[244:security-core-impl:2.8.3.SNAPSHOT]

at ddf.security.service.impl.SecurityManagerImpl.getSubject(SecurityManagerImpl.java:78)[244:security-core-impl:2.8.3.SNAPSHOT]

at Proxy30b99d54_896d_4698_a25a_c82082bbd190.getSubject(Unknown Source)[:]

at org.codice.ddf.security.filter.login.LoginFilter.handleAuthenticationToken(LoginFilter.java:525)[263:security-filter-login:2.8.3.SNAPSHOT]

at org.codice.ddf.security.filter.login.LoginFilter.validateRequest(LoginFilter.java:312)[263:security-filter-login:2.8.3.SNAPSHOT]

at org.codice.ddf.security.filter.login.LoginFilter.doFilter(LoginFilter.java:252)[263:security-filter-login:2.8.3.SNAPSHOT]

at org.codice.ddf.platform.filter.delegate.ProxyFilterChain.doFilter(ProxyFilterChain.java:106)[69:platform-filter-delegate:2.8.3.SNAPSHOT]

at org.codice.ddf.security.filter.websso.WebSSOFilter.handleRequest(WebSSOFilter.java:230)[260:security-filter-web-sso:2.8.3.SNAPSHOT]

at org.codice.ddf.security.filter.websso.WebSSOFilter.doFilter(WebSSOFilter.java:133)[260:security-filter-web-sso:2.8.3.SNAPSHOT]

at org.codice.ddf.platform.filter.delegate.ProxyFilterChain.doFilter(ProxyFilterChain.java:106)[69:platform-filter-delegate:2.8.3.SNAPSHOT]

at org.codice.ddf.platform.filter.delegate.DelegateServletFilter.doFilter(DelegateServletFilter.java:102)[69:platform-filter-delegate:2.8.3.SNAPSHOT]

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1476)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69)[68:org.ops4j.pax.web.pax-web-jetty:3.2.4]

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:240)[68:org.ops4j.pax.web.pax-web-jetty:3.2.4]

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:75)[68:org.ops4j.pax.web.pax-web-jetty:3.2.4]

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.Server.handle(Server.java:370)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[59:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]

Any suggestions as to what I am missing?

[Scott Tustison]

The Admin Console is only accessible via HTTPS and the restriction is hardcoded into its web.xml file. You cannot access it via HTTP. For later versions of DDF, this has been extended to *all* of the webapps that run within DDF by default.

Scott

[Joel Millage]

Ah thank you! Did not know that, that explains it now.