RE: Weird behaviour generating URLs for HTTPS pages
Luca, Your reply was tremendously helpful. I don't really know my way around apache and tomcat but using your guide I managed to figure it out and am now doing as you suggest, terminating SSL at Apache then running two Tomcat connectors over HTTP, one with secure=true. All working great. Thanks again, Ben. > Date: Wed, 18 Feb 2015 20:39:50 +0100 > From: lu...@dbmsrl.com > To: users@tapestry.apache.org > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > ... then this might save you some time: > > The easiest way is to setup one vhost for HTTP and another for HTTPS in > apache. > Terminate and handle the TLS/SSl connection in the apache HTTPS vhost as you > seem to be doing now > The two vhost should forward (Proxy pass) request to two distinct Tomcat > connectors. > > Add secure and scheme attribute to the tomcat connector definitions. > Depending on your setup you might find useful to also set the proxyName and > proxyPort attributes of the tomcat connectors, > they set the public dnsname and port for your services and will be use to > build full redirect URLs. > > > > Luca > > > > > > > > Luca > - Original Message - > > From: "Ben Titmarsh" > > To: "Tapestry users" > > Sent: Wednesday, February 18, 2015 7:53:29 PM > > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > > > I think you could be correct Luca. My tomcat is fronted by apache which has > > the following rules: > > > > ProxyPass / http://localhost:8080/ retry=0 > > ProxyPassReverse / http://localhost:8080/ > > ProxyPreserveHost on > > > > I'm not particularly hot on Apache but I suspect that something here is > > modifying Tapestry's https redirect to an http one, which in turn causes > > Tapestry to attempt the redirect back in the other direction causing the > > loop. > > > > Now reading a bit more about this stuff! > > > > > Date: Wed, 18 Feb 2015 19:07:50 +0100 > > > From: lu...@dbmsrl.com > > > To: users@tapestry.apache.org > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > > > Hi, > > > couldn't it be related to the servlet container config? > > > > > > As far as I remember tapestry uses information provided by the servlet > > > container [1] to determinate if a given request is happening over a secure > > > connection or not. > > > So you might want to double check your container config. > > > Assuming you're using Tomcat see [2] (secure and scheme parameter) > > > > > > Moreover the redirect loop you're experiencing make me think you're > > > running > > > behind an http server... > > > Are you're handling the S in httpd? In this case you obviously need two > > > tomcat (or whatever) endpoints (one secure=true the other secure=false), > > > as the container hasn't access to the original (un)secured connection so > > > it can't provide the this info to Tapestry. > > > > > > Luca > > > > > > > > > > > > > > > [1] > > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() > > > and > > > > > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() > > > [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > > > - Original Message - > > > > From: "Ben Titmarsh" > > > > To: "Tapestry users" > > > > Sent: Wednesday, February 18, 2015 6:45:18 PM > > > > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > > > > > > > That's right and if I don't add > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all > > > > links > > > > to > > > > @Secure pages are generated with port 80 too. Not sure why that is.. > > > > > > > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > > From: gchrist...@cardaddy.com > > > > > To: users@tapestry.apache.org > > > > > > > > > > My bad Ben, I was thinking this was something related to > > > > > Tapestry-Security > > > > > when I seen your login url example. > > > > > > > > >
Re: Weird behaviour generating URLs for HTTPS pages
On 02/18/2015 10:20 AM, Ben Titmarsh wrote: Hey Guys, I've just got my web server set up for SSL and it's working, but am experiencing some odd behaviour from Tapestry. I've added the @Secure annotation to one of my pages but by default the link is generated thus: https://[DOMAIN]:80/login I tried adding: configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); The link is now generated correctly like this (without a port): https://[DOMAIN]/login However when I hit that link, it gets caught in an infinite 302 redirect loop. I can quite happily hit any page without the @Secure annotation over https and it loads fine. Any pointers? Thanks, Ben. I think you might need configuration.add(MetaDataConstants.SECURE_PAGE, Boolean.TRUE.toString()); I know I have to add that to stop it from putting the port in. We're doing TLS to HTTPD, then AJP to Tomcat with the connector set to https for the scheme and secure set to true. That particular thing only seems to kick in when production mode is true. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Weird behaviour generating URLs for HTTPS pages
... then this might save you some time: The easiest way is to setup one vhost for HTTP and another for HTTPS in apache. Terminate and handle the TLS/SSl connection in the apache HTTPS vhost as you seem to be doing now The two vhost should forward (Proxy pass) request to two distinct Tomcat connectors. Add secure and scheme attribute to the tomcat connector definitions. Depending on your setup you might find useful to also set the proxyName and proxyPort attributes of the tomcat connectors, they set the public dnsname and port for your services and will be use to build full redirect URLs. Luca Luca - Original Message - > From: "Ben Titmarsh" > To: "Tapestry users" > Sent: Wednesday, February 18, 2015 7:53:29 PM > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > I think you could be correct Luca. My tomcat is fronted by apache which has > the following rules: > > ProxyPass / http://localhost:8080/ retry=0 > ProxyPassReverse / http://localhost:8080/ > ProxyPreserveHost on > > I'm not particularly hot on Apache but I suspect that something here is > modifying Tapestry's https redirect to an http one, which in turn causes > Tapestry to attempt the redirect back in the other direction causing the > loop. > > Now reading a bit more about this stuff! > > > Date: Wed, 18 Feb 2015 19:07:50 +0100 > > From: lu...@dbmsrl.com > > To: users@tapestry.apache.org > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > Hi, > > couldn't it be related to the servlet container config? > > > > As far as I remember tapestry uses information provided by the servlet > > container [1] to determinate if a given request is happening over a secure > > connection or not. > > So you might want to double check your container config. > > Assuming you're using Tomcat see [2] (secure and scheme parameter) > > > > Moreover the redirect loop you're experiencing make me think you're running > > behind an http server... > > Are you're handling the S in httpd? In this case you obviously need two > > tomcat (or whatever) endpoints (one secure=true the other secure=false), > > as the container hasn't access to the original (un)secured connection so > > it can't provide the this info to Tapestry. > > > > Luca > > > > > > > > > > [1] > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() > > and > > > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() > > [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > > - Original Message - > > > From: "Ben Titmarsh" > > > To: "Tapestry users" > > > Sent: Wednesday, February 18, 2015 6:45:18 PM > > > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > > > > > That's right and if I don't add > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links > > > to > > > @Secure pages are generated with port 80 too. Not sure why that is.. > > > > > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > From: gchrist...@cardaddy.com > > > > To: users@tapestry.apache.org > > > > > > > > My bad Ben, I was thinking this was something related to > > > > Tapestry-Security > > > > when I seen your login url example. > > > > > > > > So your saying your capable of accessing the pages directly with > > > > https:// > > > > without the use of @Secure, but with @Secure it puts you in an infinite > > > > loop while trying to access the page? > > > > > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh > > > > > > > > wrote: > > > > > > > > > Hi George, > > > > > > > > > > I don't have that property set to anything. My login page is just > > > > > called > > > > > "login" though! This problem is also happening on other pages that I > > > > > have > > > > > marked as secure, for example "register". > > > > > > > > > > Links aside I can't even hit those pages without getting caught in a > > > > > redirect loop, but I can happily hit any other page over https that > > >
RE: Weird behaviour generating URLs for HTTPS pages
I think you could be correct Luca. My tomcat is fronted by apache which has the following rules: ProxyPass / http://localhost:8080/ retry=0 ProxyPassReverse / http://localhost:8080/ ProxyPreserveHost on I'm not particularly hot on Apache but I suspect that something here is modifying Tapestry's https redirect to an http one, which in turn causes Tapestry to attempt the redirect back in the other direction causing the loop. Now reading a bit more about this stuff! > Date: Wed, 18 Feb 2015 19:07:50 +0100 > From: lu...@dbmsrl.com > To: users@tapestry.apache.org > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > Hi, > couldn't it be related to the servlet container config? > > As far as I remember tapestry uses information provided by the servlet > container [1] to determinate if a given request is happening over a secure > connection or not. > So you might want to double check your container config. > Assuming you're using Tomcat see [2] (secure and scheme parameter) > > Moreover the redirect loop you're experiencing make me think you're running > behind an http server... > Are you're handling the S in httpd? In this case you obviously need two > tomcat (or whatever) endpoints (one secure=true the other secure=false), as > the container hasn't access to the original (un)secured connection so it > can't provide the this info to Tapestry. > > Luca > > > > > [1] > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() > and > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() > [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > - Original Message - > > From: "Ben Titmarsh" > > To: "Tapestry users" > > Sent: Wednesday, February 18, 2015 6:45:18 PM > > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > > > That's right and if I don't add > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links to > > @Secure pages are generated with port 80 too. Not sure why that is.. > > > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > From: gchrist...@cardaddy.com > > > To: users@tapestry.apache.org > > > > > > My bad Ben, I was thinking this was something related to Tapestry-Security > > > when I seen your login url example. > > > > > > So your saying your capable of accessing the pages directly with https:// > > > without the use of @Secure, but with @Secure it puts you in an infinite > > > loop while trying to access the page? > > > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh > > > > > > wrote: > > > > > > > Hi George, > > > > > > > > I don't have that property set to anything. My login page is just > > > > called > > > > "login" though! This problem is also happening on other pages that I > > > > have > > > > marked as secure, for example "register". > > > > > > > > Links aside I can't even hit those pages without getting caught in a > > > > redirect loop, but I can happily hit any other page over https that does > > > > not have the @Secure annotation. I've been looking around trying to > > > > find > > > > a > > > > filter or something in the Tapestry source that uses this @Secure > > > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > > > that's worth. > > > > > > > > Thanks, > > > > Ben. > > > > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > > From: gchrist...@cardaddy.com > > > > > To: users@tapestry.apache.org > > > > > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > > > > same > > > > > page your LOGIN_URL is set to right? > > > > > > > > > > Example > > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > > > ben.titma...@hotmail.co.uk> > > > > > wrote: > > > > > > > > &g
Re: Weird behaviour generating URLs for HTTPS pages
Port 80 appearing while secure is an odd behavior for sure. You can see a little bit more on how that works here. https://github.com/apache/tapestry-5/blob/e087cad11d609bc251727be91bf3d523811d541d/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/BaseURLSourceImpl.java As far as your infinite loop goes, I'm afraid we're going to have to wait for someone with a little bit more knowledge on that behavior than me. I can't say that I've ever experienced it, so I'm not exactly sure what it's doing. I generally let the application run in both https and http and have apache handle the redirection, but then again, I run my entire app in https, so that may not be a feasible solution for you. On Wed, Feb 18, 2015 at 12:45 PM, Ben Titmarsh wrote: > That's right and if I don't add > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links > to @Secure pages are generated with port 80 too. Not sure why that is.. > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > From: gchrist...@cardaddy.com > > To: users@tapestry.apache.org > > > > My bad Ben, I was thinking this was something related to > Tapestry-Security > > when I seen your login url example. > > > > So your saying your capable of accessing the pages directly with https:// > > without the use of @Secure, but with @Secure it puts you in an infinite > > loop while trying to access the page? > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh < > ben.titma...@hotmail.co.uk> > > wrote: > > > > > Hi George, > > > > > > I don't have that property set to anything. My login page is just > called > > > "login" though! This problem is also happening on other pages that I > have > > > marked as secure, for example "register". > > > > > > Links aside I can't even hit those pages without getting caught in a > > > redirect loop, but I can happily hit any other page over https that > does > > > not have the @Secure annotation. I've been looking around trying to > find a > > > filter or something in the Tapestry source that uses this @Secure > > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > > that's worth. > > > > > > Thanks, > > > Ben. > > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > From: gchrist...@cardaddy.com > > > > To: users@tapestry.apache.org > > > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > > > same > > > > page your LOGIN_URL is set to right? > > > > > > > > Example > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > > ben.titma...@hotmail.co.uk> > > > > wrote: > > > > > > > > > Hey Guys, > > > > > > > > > > I've just got my web server set up for SSL and it's working, but am > > > > > experiencing some odd behaviour from Tapestry. I've added the > @Secure > > > > > annotation to one of my pages but by default the link is generated > > > thus: > > > > > > > > > > https://[DOMAIN]:80/login > > > > > > > > > > I tried adding: > > > > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > > > > > The link is now generated correctly like this (without a port): > > > > > > > > > > https://[DOMAIN]/login > > > > > > > > > > However when I hit that link, it gets caught in an infinite 302 > > > redirect > > > > > loop. > > > > > > > > > > I can quite happily hit any page without the @Secure annotation > over > > > https > > > > > and it loads fine. > > > > > > > > > > Any pointers? > > > > > > > > > > Thanks, > > > > > Ben. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > George Christman > > > > CEO > > > > www.CarDaddy.com > > > > P.O. Box 735 > > > > Johnstown, New York > > > > > > > > > > > > > > -- > > George Christman > > CEO > > www.CarDaddy.com > > P.O. Box 735 > > Johnstown, New York > > -- George Christman CEO www.CarDaddy.com P.O. Box 735 Johnstown, New York
Re: Weird behaviour generating URLs for HTTPS pages
Hi, couldn't it be related to the servlet container config? As far as I remember tapestry uses information provided by the servlet container [1] to determinate if a given request is happening over a secure connection or not. So you might want to double check your container config. Assuming you're using Tomcat see [2] (secure and scheme parameter) Moreover the redirect loop you're experiencing make me think you're running behind an http server... Are you're handling the S in httpd? In this case you obviously need two tomcat (or whatever) endpoints (one secure=true the other secure=false), as the container hasn't access to the original (un)secured connection so it can't provide the this info to Tapestry. Luca [1] https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() and https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html - Original Message - > From: "Ben Titmarsh" > To: "Tapestry users" > Sent: Wednesday, February 18, 2015 6:45:18 PM > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > That's right and if I don't add > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links to > @Secure pages are generated with port 80 too. Not sure why that is.. > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > From: gchrist...@cardaddy.com > > To: users@tapestry.apache.org > > > > My bad Ben, I was thinking this was something related to Tapestry-Security > > when I seen your login url example. > > > > So your saying your capable of accessing the pages directly with https:// > > without the use of @Secure, but with @Secure it puts you in an infinite > > loop while trying to access the page? > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh > > wrote: > > > > > Hi George, > > > > > > I don't have that property set to anything. My login page is just called > > > "login" though! This problem is also happening on other pages that I > > > have > > > marked as secure, for example "register". > > > > > > Links aside I can't even hit those pages without getting caught in a > > > redirect loop, but I can happily hit any other page over https that does > > > not have the @Secure annotation. I've been looking around trying to find > > > a > > > filter or something in the Tapestry source that uses this @Secure > > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > > that's worth. > > > > > > Thanks, > > > Ben. > > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > From: gchrist...@cardaddy.com > > > > To: users@tapestry.apache.org > > > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > > > same > > > > page your LOGIN_URL is set to right? > > > > > > > > Example > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > > ben.titma...@hotmail.co.uk> > > > > wrote: > > > > > > > > > Hey Guys, > > > > > > > > > > I've just got my web server set up for SSL and it's working, but am > > > > > experiencing some odd behaviour from Tapestry. I've added the > > > > > @Secure > > > > > annotation to one of my pages but by default the link is generated > > > thus: > > > > > > > > > > https://[DOMAIN]:80/login > > > > > > > > > > I tried adding: > > > > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > > > > > The link is now generated correctly like this (without a port): > > > > > > > > > > https://[DOMAIN]/login > > > > > > > > > > However when I hit that link, it gets caught in an infinite 302 > > > redirect > > > > > loop. > > > > > > > > > > I can quite happily hit any page without the @Secure annotation over > > > https > > > > > and it loads fine. > > > > > > > > > > Any pointers? > > > > > > > > > > Thanks, > > > > > Ben. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > George Christman > > > > CEO > > > > www.CarDaddy.com > > > > P.O. Box 735 > > > > Johnstown, New York > > > > > > > > > > > > > > -- > > George Christman > > CEO > > www.CarDaddy.com > > P.O. Box 735 > > Johnstown, New York > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
RE: Weird behaviour generating URLs for HTTPS pages
That's right and if I don't add configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links to @Secure pages are generated with port 80 too. Not sure why that is.. > Date: Wed, 18 Feb 2015 12:40:51 -0500 > Subject: Re: Weird behaviour generating URLs for HTTPS pages > From: gchrist...@cardaddy.com > To: users@tapestry.apache.org > > My bad Ben, I was thinking this was something related to Tapestry-Security > when I seen your login url example. > > So your saying your capable of accessing the pages directly with https:// > without the use of @Secure, but with @Secure it puts you in an infinite > loop while trying to access the page? > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh > wrote: > > > Hi George, > > > > I don't have that property set to anything. My login page is just called > > "login" though! This problem is also happening on other pages that I have > > marked as secure, for example "register". > > > > Links aside I can't even hit those pages without getting caught in a > > redirect loop, but I can happily hit any other page over https that does > > not have the @Secure annotation. I've been looking around trying to find a > > filter or something in the Tapestry source that uses this @Secure > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > that's worth. > > > > Thanks, > > Ben. > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > From: gchrist...@cardaddy.com > > > To: users@tapestry.apache.org > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > > same > > > page your LOGIN_URL is set to right? > > > > > > Example > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > ben.titma...@hotmail.co.uk> > > > wrote: > > > > > > > Hey Guys, > > > > > > > > I've just got my web server set up for SSL and it's working, but am > > > > experiencing some odd behaviour from Tapestry. I've added the @Secure > > > > annotation to one of my pages but by default the link is generated > > thus: > > > > > > > > https://[DOMAIN]:80/login > > > > > > > > I tried adding: > > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > > > The link is now generated correctly like this (without a port): > > > > > > > > https://[DOMAIN]/login > > > > > > > > However when I hit that link, it gets caught in an infinite 302 > > redirect > > > > loop. > > > > > > > > I can quite happily hit any page without the @Secure annotation over > > https > > > > and it loads fine. > > > > > > > > Any pointers? > > > > > > > > Thanks, > > > > Ben. > > > > > > > > > > > > > > > > > > > -- > > > George Christman > > > CEO > > > www.CarDaddy.com > > > P.O. Box 735 > > > Johnstown, New York > > > > > > > > -- > George Christman > CEO > www.CarDaddy.com > P.O. Box 735 > Johnstown, New York
Re: Weird behaviour generating URLs for HTTPS pages
My bad Ben, I was thinking this was something related to Tapestry-Security when I seen your login url example. So your saying your capable of accessing the pages directly with https:// without the use of @Secure, but with @Secure it puts you in an infinite loop while trying to access the page? On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh wrote: > Hi George, > > I don't have that property set to anything. My login page is just called > "login" though! This problem is also happening on other pages that I have > marked as secure, for example "register". > > Links aside I can't even hit those pages without getting caught in a > redirect loop, but I can happily hit any other page over https that does > not have the @Secure annotation. I've been looking around trying to find a > filter or something in the Tapestry source that uses this @Secure > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > that's worth. > > Thanks, > Ben. > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > From: gchrist...@cardaddy.com > > To: users@tapestry.apache.org > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > same > > page your LOGIN_URL is set to right? > > > > Example > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > ben.titma...@hotmail.co.uk> > > wrote: > > > > > Hey Guys, > > > > > > I've just got my web server set up for SSL and it's working, but am > > > experiencing some odd behaviour from Tapestry. I've added the @Secure > > > annotation to one of my pages but by default the link is generated > thus: > > > > > > https://[DOMAIN]:80/login > > > > > > I tried adding: > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > The link is now generated correctly like this (without a port): > > > > > > https://[DOMAIN]/login > > > > > > However when I hit that link, it gets caught in an infinite 302 > redirect > > > loop. > > > > > > I can quite happily hit any page without the @Secure annotation over > https > > > and it loads fine. > > > > > > Any pointers? > > > > > > Thanks, > > > Ben. > > > > > > > > > > > > > -- > > George Christman > > CEO > > www.CarDaddy.com > > P.O. Box 735 > > Johnstown, New York > > -- George Christman CEO www.CarDaddy.com P.O. Box 735 Johnstown, New York
RE: Weird behaviour generating URLs for HTTPS pages
Hi George, I don't have that property set to anything. My login page is just called "login" though! This problem is also happening on other pages that I have marked as secure, for example "register". Links aside I can't even hit those pages without getting caught in a redirect loop, but I can happily hit any other page over https that does not have the @Secure annotation. I've been looking around trying to find a filter or something in the Tapestry source that uses this @Secure annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what that's worth. Thanks, Ben. > Date: Wed, 18 Feb 2015 11:47:16 -0500 > Subject: Re: Weird behaviour generating URLs for HTTPS pages > From: gchrist...@cardaddy.com > To: users@tapestry.apache.org > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the same > page your LOGIN_URL is set to right? > > Example > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh > wrote: > > > Hey Guys, > > > > I've just got my web server set up for SSL and it's working, but am > > experiencing some odd behaviour from Tapestry. I've added the @Secure > > annotation to one of my pages but by default the link is generated thus: > > > > https://[DOMAIN]:80/login > > > > I tried adding: > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > The link is now generated correctly like this (without a port): > > > > https://[DOMAIN]/login > > > > However when I hit that link, it gets caught in an infinite 302 redirect > > loop. > > > > I can quite happily hit any page without the @Secure annotation over https > > and it loads fine. > > > > Any pointers? > > > > Thanks, > > Ben. > > > > > > > -- > George Christman > CEO > www.CarDaddy.com > P.O. Box 735 > Johnstown, New York
Re: Weird behaviour generating URLs for HTTPS pages
Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the same page your LOGIN_URL is set to right? Example configuration.add(SecuritySymbols.LOGIN_URL, "/login"); On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh wrote: > Hey Guys, > > I've just got my web server set up for SSL and it's working, but am > experiencing some odd behaviour from Tapestry. I've added the @Secure > annotation to one of my pages but by default the link is generated thus: > > https://[DOMAIN]:80/login > > I tried adding: > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > The link is now generated correctly like this (without a port): > > https://[DOMAIN]/login > > However when I hit that link, it gets caught in an infinite 302 redirect > loop. > > I can quite happily hit any page without the @Secure annotation over https > and it loads fine. > > Any pointers? > > Thanks, > Ben. > -- George Christman CEO www.CarDaddy.com P.O. Box 735 Johnstown, New York
Weird behaviour generating URLs for HTTPS pages
Hey Guys, I've just got my web server set up for SSL and it's working, but am experiencing some odd behaviour from Tapestry. I've added the @Secure annotation to one of my pages but by default the link is generated thus: https://[DOMAIN]:80/login I tried adding: configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); The link is now generated correctly like this (without a port): https://[DOMAIN]/login However when I hit that link, it gets caught in an infinite 302 redirect loop. I can quite happily hit any page without the @Secure annotation over https and it loads fine. Any pointers? Thanks, Ben.
