Re: Accessing a page over HTTPS results in infinite 302 redirects
Thanks for the answers. We will try adding the "X-Forwarded-Proto:
https" header to our requests.
/Kim
2019-06-14 11:34 skrev Chris Poulsen:
Hi,
We use:
// default to non-secure pages (allows us to support both http and
https
based on the request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );
And always have an upstream proxy for performing SSL termination. This
relies on the X-Forward-* headers being set and handled correctly by
the
various servers.
--
Chris
On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev
wrote:
Hi,
I'd suggest to check value of `Request#isSecure()`, it looks like it's
false.
It can happen if your WebSphere is behind a proxy/load balancer which
terminates SSL,
in this case you may need to configure WebSphere to acknowledge the
x-forwarded-proto HTTP header.
On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma
wrote:
> We have a Tapestry application which we need to use over HTTPS only. We
> are using Weblogic only.
>
> We have these set in the AppModule of the Tapestry application:
>
> public static void contributeApplicationDefaults(
> final MappedConfiguration configuration) {
> configuration.add("tapestry.supported-locales", "en");
> configuration.add("tapestry.start-page-name", "start");
> configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
> configuration.add(SymbolConstants.SECURE_ENABLED, "true");
> }
>
> public static void contributeMetaDataLocator(final
> MappedConfiguration configuration) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> }
>
> In the Start page we have a redirect like this:
>
> final Object onActivate() {
> if (!this.sessionHandler.isLoggedIn()) {
> return this.loginPage;
> }
> return this.mainFrameSet;
> }
>
> We we try to access our app by HTTPS at root or directly at the start
> page, loginPage or mainFrameSet page we get infinite redirect loop (302)
> to the same page we are accessing.
>
> If we set the MetaDataConstants.SECURE_PAGE to false we can access our
> app over HTTPS but all page requests/links within the app is then done
> over HTTP and that does not work.
> We need to have all functionality within the app to work over, and using
> only, HTTPS.
>
> What have we missed?
>
> Br,
> Kim
>
> --
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤
> Name: | Kim Syväluoma|
> Email: | kim@aland.net|
> Tel (GSM): | +358 (0)40 592 5267 |
> Tel Work: | +358 (0)20 7910 666 |
> =
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Dmitry Gusev
AnjLab Team
http://anjlab.com
--
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤
Name: | Kim Syväluoma|
Email: | kim@aland.net|
Tel (GSM): | +358 (0)40 592 5267 |
Tel Work: | +358 (0)20 7910 666 |
=
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Accessing a page over HTTPS results in infinite 302 redirects
Hi,
We use:
// default to non-secure pages (allows us to support both http and https
based on the request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );
And always have an upstream proxy for performing SSL termination. This
relies on the X-Forward-* headers being set and handled correctly by the
various servers.
--
Chris
On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev
wrote:
> Hi,
>
> I'd suggest to check value of `Request#isSecure()`, it looks like it's
> false.
>
> It can happen if your WebSphere is behind a proxy/load balancer which
> terminates SSL,
> in this case you may need to configure WebSphere to acknowledge the
> x-forwarded-proto HTTP header.
>
> On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma wrote:
>
> > We have a Tapestry application which we need to use over HTTPS only. We
> > are using Weblogic only.
> >
> > We have these set in the AppModule of the Tapestry application:
> >
> > public static void contributeApplicationDefaults(
> > final MappedConfiguration configuration) {
> > configuration.add("tapestry.supported-locales", "en");
> > configuration.add("tapestry.start-page-name", "start");
> > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
> > configuration.add(SymbolConstants.SECURE_ENABLED, "true");
> > }
> >
> > public static void contributeMetaDataLocator(final
> > MappedConfiguration configuration) {
> > configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> > }
> >
> > In the Start page we have a redirect like this:
> >
> > final Object onActivate() {
> > if (!this.sessionHandler.isLoggedIn()) {
> > return this.loginPage;
> > }
> > return this.mainFrameSet;
> > }
> >
> > We we try to access our app by HTTPS at root or directly at the start
> > page, loginPage or mainFrameSet page we get infinite redirect loop (302)
> > to the same page we are accessing.
> >
> > If we set the MetaDataConstants.SECURE_PAGE to false we can access our
> > app over HTTPS but all page requests/links within the app is then done
> > over HTTP and that does not work.
> > We need to have all functionality within the app to work over, and using
> > only, HTTPS.
> >
> > What have we missed?
> >
> > Br,
> > Kim
> >
> > --
> > ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤
> > Name: | Kim Syväluoma|
> > Email: | kim@aland.net|
> > Tel (GSM): | +358 (0)40 592 5267 |
> > Tel Work: | +358 (0)20 7910 666 |
> > =
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>
Re: Accessing a page over HTTPS results in infinite 302 redirects
Hi,
I'd suggest to check value of `Request#isSecure()`, it looks like it's
false.
It can happen if your WebSphere is behind a proxy/load balancer which
terminates SSL,
in this case you may need to configure WebSphere to acknowledge the
x-forwarded-proto HTTP header.
On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma wrote:
> We have a Tapestry application which we need to use over HTTPS only. We
> are using Weblogic only.
>
> We have these set in the AppModule of the Tapestry application:
>
> public static void contributeApplicationDefaults(
> final MappedConfiguration configuration) {
> configuration.add("tapestry.supported-locales", "en");
> configuration.add("tapestry.start-page-name", "start");
> configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
> configuration.add(SymbolConstants.SECURE_ENABLED, "true");
> }
>
> public static void contributeMetaDataLocator(final
> MappedConfiguration configuration) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> }
>
> In the Start page we have a redirect like this:
>
> final Object onActivate() {
> if (!this.sessionHandler.isLoggedIn()) {
> return this.loginPage;
> }
> return this.mainFrameSet;
> }
>
> We we try to access our app by HTTPS at root or directly at the start
> page, loginPage or mainFrameSet page we get infinite redirect loop (302)
> to the same page we are accessing.
>
> If we set the MetaDataConstants.SECURE_PAGE to false we can access our
> app over HTTPS but all page requests/links within the app is then done
> over HTTP and that does not work.
> We need to have all functionality within the app to work over, and using
> only, HTTPS.
>
> What have we missed?
>
> Br,
> Kim
>
> --
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤
> Name: | Kim Syväluoma|
> Email: | kim@aland.net|
> Tel (GSM): | +358 (0)40 592 5267 |
> Tel Work: | +358 (0)20 7910 666 |
> =
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Dmitry Gusev
AnjLab Team
http://anjlab.com
