Creating an HTTP listener with security enabled using web admin console doesn't work

[rdelaplante]

This was tested on GlassFish 4.1, JDK 8u45 and Windows 7 (also Windows Server 2012 R2).

Steps to reproduce:

1. Log into web admin console and navigate to Configurations -> server-config -> Network Config -> Network Listeners then click the New button.

2. Name it "test-listener" then press tab, enter port 8443, enter address 0.0.0.0, check the security enabled checkbox, select the http-thread-pool and then save.

3. Open the domain.xml file and search for test-listener until you find this block:

     <protocol name="test-listener-protocol" security-enabled="true">
       <http default-virtual-server="server">
         <file-cache></file-cache>
       </http>
     </protocol>
   

It is missing the SSL tag. It is supposed to look like this:

      <protocol name="test-listener-protocol" security-enabled="true">
        <http default-virtual-server="server">
          <file-cache></file-cache>
        </http>
        <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl>
      </protocol>

If you restart GlassFish and try to access https://localhost:8443 you'll get some sort of SSL connection related error. If you then add the ssl tag to the test-listener in domain.xml and restart, you will be able to access https://localhost:8443 in the browser after being warned about self signed certificates.

I think this is a regression. I don't remember having this problem with GlassFish 3.1.2.2.

[rdelaplante]

Thanks for fixing this. It would be interesting to find out when this regression occurred in the GlassFish code. I used GlassFish 3.1.2.2 for years and followed the same steps to create a new HTTPS listener for each new customer. It wasn't until we upgraded to 4.1 (skipping 4.0) that we discovered this issue.

[smillidge]

I took a quick look through the code but that code was the same back to the original branching and reorganisation from 3.x to 4.x it could be that it is making assumptions from back in the 3.x era wrt to SSL configuration which are no longer valid.