Configuring Strict Transport Security (HSTS) on WildFly

HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessible using a secure connection (HTTPS). If a website declares an HSTS policy, the browser should reject all HTTP connections and prevent users from accepting insecure SSL certificates. In this tutorial we will learn how to configure in on WildFly Web server.

Read more

How to configure CORS on WildFly

This articles discusses about Cross-origin HTTP requests (CORS) and how they can be enabled on WildFly. Let0s start with some definitions: a cross-origin HTTP request is one that is made to: A different domain (for example, from acme.com to amazon.com). A different subdomain (for example, from acme.com to home.acme.com). A different port (for example, from … Read more

How to set the SameSite attribute in Java Web applications

This short article describes how you can set the SameSite property in HTTP Cookies for Web applications, with special focus on WildFly‘s Web server, which is Undertow. What is SameSite ? SameSite is a property that can be set in HTTP cookies to avoid false cross-site request (CSRF) attacks in web applications: When SameSite is … Read more

Getting started with Vaadin on WildFly

Vaadin is an open source Java web framework with a large set of Web Components and Java EE supported with CDI integration. Let’s see how to get started with it to create a sample Web application which will run on WildFly. The simplest way to get started with Vaadin is by creating a new Vaadin … Read more

Converting Tomcat Valves to Undertow Handlers

Undertow doesn’t support the older JBoss Web valves, however most of them can be easily migrated to Undertow handlers.Here is a list of those valves and their corresponding Undertow handler: Valve Handler org.apache.catalina.valves.AccessLogValve io.undertow.server.handlers.accesslog.AccessLogHandler org.apache.catalina.valves.ExtendedAccessLogValve io.undertow.server.handlers.accesslog.AccessLogHandler org.apache.catalina.valves.RequestDumperValve io.undertow.server.handlers.RequestDumpingHandler org.apache.catalina.valves.RewriteValve io.undertow.server.handlers.SetAttributeHandler org.apache.catalina.valves.RemoteHostValve io.undertow.server.handlers.AccessControlListHandler org.apache.catalina.valves.RemoteAddrValve io.undertow.server.handlers.IPAddressAccessControlHandler org.apache.catalina.valves.RemoteIpValve io.undertow.server.handlers.ProxyPeerAddressHandler org.apache.catalina.valves.StuckThreadDetectionValve io.undertow.server.handlers.StuckThreadDetectionHandler org.apache.catalina.valves.CrawlerSessionManagerValve io.undertow.servlet.handlers.CrawlerSessionManagerHandler It is possible to do … Read more

Writing a custom Undertow Handler

In this quick quick tutorial we will learn how to add a custom Handler to Undertow and then we will install it on WildFly as a module. The main Undertow functionality is provided by io.undertow.server.HttpHandler instances. These handlers can be chained together to form a complete server. In this example, we will add a TimedHandler … Read more

Configuring Proxy address forwarding with WildFly

This tutorial discusses how to configure Proxy address forwarding with WildFly’s Web server (Undertow). A common scenario in many architectures is to have WildFly server fronted by a reverse Proxy like Squid or Apache that maps the WildFly domain. What happens is that, if you are using for example a navigation rule in your application … Read more