How to have Jetty redirect http to https

Speaking for Jetty 9... Here's how you can do it provided that your SSL connector already works:

Step 1: Make sure everything goes through SSL by adding this to your web.xml. If you try to access a resource through HTTP, this will return a 403 !SECURE error

<security-constraint>
  <web-resource-collection>
   <web-resource-name>Everything</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Step 2: Have Jetty redirect to HTTPS when it sees a 403 !SECURE error by adding this to your jetty.xml

<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
   <Arg>
      <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
         <!-- This says... Redirect to https://host:8443 if server returns "NOT SECURE" error -->
         <Set name="secureScheme">https</Set>
         <Set name="securePort">8443</Set>
      </New>
   </Arg>
   <Call name="addCustomizer">
      <Arg>
         <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
      </Arg>
   </Call>
</New>

<!-- This is your HTTP connector, you should have another one for HTTPS -->
<New class="org.eclipse.jetty.server.ServerConnector">
   <Arg name="server">
      <Ref refid="MyServer" />
   </Arg>
   <Arg name="factories">
      <Array type="org.eclipse.jetty.server.ConnectionFactory">
         <Item>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
               <Arg name="config">
                  <!-- defined above -->
                  <Ref refid="tlsHttpConfig" />
               </Arg>
            </New>
         </Item>
      </Array>
   </Arg>
   <Set name="host">localhost</Set>
   <Set name="port">8080</Set>
</New>

I think that the pattern is matching only the URI. You should use something like:

<New id="forwardedHttps" class="org.eclipse.jetty.rewrite.handler.ForwardedSchemeHeaderRule">
           <Set name="header">X-Forwarded-Scheme</Set>
           <Set name="headerValue">https</Set>
           <Set name="scheme">https</Set>
</New>

See: http://download.eclipse.org/jetty/stable-7/apidocs/org/eclipse/jetty/rewrite/handler/RewriteHandler.html

I just added the doc: http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Redirecting_http_requests_to_https

As far as I can tell, this is not easy to do with any of the rules/handlers that are shipped with Jetty 6.

The RedirectPatternRule matches on the target which is the path in the Jetty server, and not the full URI, so your rule is never matching.

You could change it to:

<New id="redirect" class="org.mortbay.jetty.handler.rewrite.RedirectPatternRule">
  <Set name="pattern">/*</Set>
  <Set name="location">https://foobar.com</Set>
</New>

However, that has 2 issues:

1. It will redirect all requests (even https requests)
2. It doesn't take the requested URL into account (it always redirects to location as it is specified, and ignores anything that was matched by the pattern)

You can overcome the first issue with some trickery.
You can wrap the RewriteHandler in a ContextHandler, and a context handler allows you to specify which connectors it will handle requests from (setConnectorNames). So, you could use that to make the rewrite only apply to requests on the http connector(s).

I can't think of a way to overcome the second issue though.

I think your best bet will to write your own redirect rule for this. If you don't have development resources to do that for you, then contact me (you can find my email address via my blog, which is in my profile) and I can whip one up (under the same license as Jetty). It will be pretty straight forward to write a rule that simply redirects http to https.