Re: Accessing a page over HTTPS results in infinite 302 redirects
Thanks for the answers. We will try adding the "X-Forwarded-Proto: https" header to our requests. /Kim 2019-06-14 11:34 skrev Chris Poulsen: Hi, We use: // default to non-secure pages (allows us to support both http and https based on the request) configuration.add( SymbolConstants.SECURE_ENABLED, "false" ); And always have an upstream proxy for performing SSL termination. This relies on the X-Forward-* headers being set and handled correctly by the various servers. -- Chris On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev wrote: Hi, I'd suggest to check value of `Request#isSecure()`, it looks like it's false. It can happen if your WebSphere is behind a proxy/load balancer which terminates SSL, in this case you may need to configure WebSphere to acknowledge the x-forwarded-proto HTTP header. On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma wrote: > We have a Tapestry application which we need to use over HTTPS only. We > are using Weblogic only. > > We have these set in the AppModule of the Tapestry application: > > public static void contributeApplicationDefaults( > final MappedConfiguration configuration) { > configuration.add("tapestry.supported-locales", "en"); > configuration.add("tapestry.start-page-name", "start"); > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > configuration.add(SymbolConstants.SECURE_ENABLED, "true"); > } > > public static void contributeMetaDataLocator(final > MappedConfiguration configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > > In the Start page we have a redirect like this: > > final Object onActivate() { > if (!this.sessionHandler.isLoggedIn()) { > return this.loginPage; > } > return this.mainFrameSet; > } > > We we try to access our app by HTTPS at root or directly at the start > page, loginPage or mainFrameSet page we get infinite redirect loop (302) > to the same page we are accessing. > > If we set the MetaDataConstants.SECURE_PAGE to false we can access our > app over HTTPS but all page requests/links within the app is then done > over HTTP and that does not work. > We need to have all functionality within the app to work over, and using > only, HTTPS. > > What have we missed? > > Br, > Kim > > -- > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤ > Name: | Kim Syväluoma| > Email: | kim@aland.net| > Tel (GSM): | +358 (0)40 592 5267 | > Tel Work: | +358 (0)20 7910 666 | > = > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Dmitry Gusev AnjLab Team http://anjlab.com -- ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤ Name: | Kim Syväluoma| Email: | kim@aland.net| Tel (GSM): | +358 (0)40 592 5267 | Tel Work: | +358 (0)20 7910 666 | = - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Accessing a page over HTTPS results in infinite 302 redirects
Hi, We use: // default to non-secure pages (allows us to support both http and https based on the request) configuration.add( SymbolConstants.SECURE_ENABLED, "false" ); And always have an upstream proxy for performing SSL termination. This relies on the X-Forward-* headers being set and handled correctly by the various servers. -- Chris On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev wrote: > Hi, > > I'd suggest to check value of `Request#isSecure()`, it looks like it's > false. > > It can happen if your WebSphere is behind a proxy/load balancer which > terminates SSL, > in this case you may need to configure WebSphere to acknowledge the > x-forwarded-proto HTTP header. > > On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma wrote: > > > We have a Tapestry application which we need to use over HTTPS only. We > > are using Weblogic only. > > > > We have these set in the AppModule of the Tapestry application: > > > > public static void contributeApplicationDefaults( > > final MappedConfiguration configuration) { > > configuration.add("tapestry.supported-locales", "en"); > > configuration.add("tapestry.start-page-name", "start"); > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > configuration.add(SymbolConstants.SECURE_ENABLED, "true"); > > } > > > > public static void contributeMetaDataLocator(final > > MappedConfiguration configuration) { > > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > > } > > > > In the Start page we have a redirect like this: > > > > final Object onActivate() { > > if (!this.sessionHandler.isLoggedIn()) { > > return this.loginPage; > > } > > return this.mainFrameSet; > > } > > > > We we try to access our app by HTTPS at root or directly at the start > > page, loginPage or mainFrameSet page we get infinite redirect loop (302) > > to the same page we are accessing. > > > > If we set the MetaDataConstants.SECURE_PAGE to false we can access our > > app over HTTPS but all page requests/links within the app is then done > > over HTTP and that does not work. > > We need to have all functionality within the app to work over, and using > > only, HTTPS. > > > > What have we missed? > > > > Br, > > Kim > > > > -- > > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤ > > Name: | Kim Syväluoma| > > Email: | kim@aland.net| > > Tel (GSM): | +358 (0)40 592 5267 | > > Tel Work: | +358 (0)20 7910 666 | > > = > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > -- > Dmitry Gusev > > AnjLab Team > http://anjlab.com >
Re: Accessing a page over HTTPS results in infinite 302 redirects
Hi, I'd suggest to check value of `Request#isSecure()`, it looks like it's false. It can happen if your WebSphere is behind a proxy/load balancer which terminates SSL, in this case you may need to configure WebSphere to acknowledge the x-forwarded-proto HTTP header. On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma wrote: > We have a Tapestry application which we need to use over HTTPS only. We > are using Weblogic only. > > We have these set in the AppModule of the Tapestry application: > > public static void contributeApplicationDefaults( > final MappedConfiguration configuration) { > configuration.add("tapestry.supported-locales", "en"); > configuration.add("tapestry.start-page-name", "start"); > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > configuration.add(SymbolConstants.SECURE_ENABLED, "true"); > } > > public static void contributeMetaDataLocator(final > MappedConfiguration configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > > In the Start page we have a redirect like this: > > final Object onActivate() { > if (!this.sessionHandler.isLoggedIn()) { > return this.loginPage; > } > return this.mainFrameSet; > } > > We we try to access our app by HTTPS at root or directly at the start > page, loginPage or mainFrameSet page we get infinite redirect loop (302) > to the same page we are accessing. > > If we set the MetaDataConstants.SECURE_PAGE to false we can access our > app over HTTPS but all page requests/links within the app is then done > over HTTP and that does not work. > We need to have all functionality within the app to work over, and using > only, HTTPS. > > What have we missed? > > Br, > Kim > > -- > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤ > Name: | Kim Syväluoma| > Email: | kim@aland.net| > Tel (GSM): | +358 (0)40 592 5267 | > Tel Work: | +358 (0)20 7910 666 | > = > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Dmitry Gusev AnjLab Team http://anjlab.com