Martin,
Have you tried setting the tapestry.secure-enabled symbol to "false" in
your AppModule.java? That prevents Tapestry from redirecting to https (and
you won't have to have @Secure annotations on your pages).
On Feb 5, 2015 11:30 AM, "Norman Franke" wrote:
> While not addressing your problem exactly, I have found issues with
> cookies doing things like this. You try to login via HTTPS. Your session is
> created as a secure cookie, and when you go back to regular HTTP after
> login, you have no session cookie. I created a new, non-secure cookie, but
> that’s definitely a hack and has some issues. I don’t use @Secure since I
> could never get anything working correctly, and so redirect myself.
>
> You could try using something like nginx to do SSL to plan old tomcat
> running in HTTP mode. Using the @Secure annotation will still cause
> problems, since it will want to use HTTPS to / from tomcat. This would
> likely work, but local users won’t benefit from HTTPS for login. However,
> you could potentially us nginx to handle that as well, forcing HTTPS for a
> specific URL.
>
> You may be able to use your own MetaDataLocator service to determine that
> client IP address and decide there. Obviously if you are doing a reverse
> proxy, the Http Request IP address won’t necessarily be the client’s IP
> address, but most proxies add a header you could use.
>
> Norman Franke
> Answering Service for Directors, Inc.
> www.myasd.com
>
>
>
> On Feb 5, 2015, at 4:16 AM, Martin Nagl wrote:
>
> > Hi all,
> >
> > we have a Tapesty5 application deployed on Tomcat + Apache httpd. In
> > production environment at our customer, the application should be
> deployed
> > / accessed like this:
> > - Tomcat is running on a server in internal network on port 8080.
> > - There is an Apache HTTP server with reverse proxy to Tomcat (AJP)
> > accessible from the internet on port 80.
> > - Internal users should access the application on Tomcat directly
> without
> > https on http://servername.intranet.customer.sk:8080/appname/login
> > - External users should access the application through Apache httpd,
> with
> > https, on https://apps.customer.sk/appname/login
> >
> > 1. Initiallly, I had no @Secure annotations on my pages. The application
> > worked correctly from internal network, but not from internet. From
> > internet, I could access the login page through https, but after submit,
> I
> > get somehow redirected to http which ends with server error: Your browser
> > sent a request that this server could not understand.
> > Reason: You're speaking plain HTTP to an SSL-enabled server port.
> > Instead use the HTTPS scheme to access this URL, please.
> >
> > 2. I have annotated all my pages with @Secure. The aplication now works
> > correctly from internet, but not from internal network. From internal
> > network, I can access
> > http://servername.intranet.customer.sk:8080/appname/login but I get
> > redirected to https at
> > https://servername.intranet.customer.sk:8080/appname/login. - This is
> not
> > desired, I would like the application to continue in http mode.
> >
> > Is this setup possible with a Tapestry5 application (a single deployed
> > instance)?
> > Is there some way to tell Tapestry "If you're accessed through https,
> then
> > serve all pages through https, else if you're accessed through http, then
> > serve all pages through http"?
> >
> > Thanks
> > Regards
> > Martin
>
>
