Securing BlazeDS (https)

I wanted to set up a flex/BlazeDS app to ONLY use https and not http at all!

Key lies in setting up the channels in two places:

1) In services-config.xml, comment out the normal my-amf channel and leave the my-secure-amf only

<!–

<channel-definition id=”my-amf”>
<endpoint url=”http://{server.name}:{server.port}/{context.root}/messagebroker/amf”/>
</channel-definition>
–>
<channel-definition id=”my-secure-amf”>
<endpoint url=”https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure”/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

2) Secondly comment out the same details in the remoting-config.xml file

<default-channels>
<channel ref=”my-secure-amf”/>
<!–          <channel ref=”my-amf”/> –>
</default-channels>

That’s it. Deploy and check. the first screen on http may appear, but nothing thereafter will work unless you use https://

Advertisements
  • Calendar

    • November 2017
      M T W T F S S
      « Dec    
       12345
      6789101112
      13141516171819
      20212223242526
      27282930  
  • Search