Sorry for the thread revival, however I am coming up against the same
problem.
I have a page needs to be served via https for some customers and http
for others.
If I request the page via https without the @Secure annotation, all ajax
event urls are incorrectly altered to:
http://domain:443/app/page:event
- both the protocol and port are incorrect in this case.
If I request the page via https with the @Secure annotation, ajax event
urls are correctly altered to:
https://domain/app/page:event
Another problem is, when requesting the page via http with the @Secure
annotation redirect incorrectly to https:
https://domain:80/app/page
<https://maps.vodafone.com.au:80/VHAMap-stage/publiccoverage/public-vf>
- not sure why port 80 is added, it is not needed in our config.
So my question is, how can I achieve the behaviour of @Secure
dynamically and only if the request is made over https?
Thanks, Paul.
On 28/06/2012 10:20 PM, Thiago H de Paula Figueiredo wrote:
On Thu, 28 Jun 2012 03:52:24 -0300, Henrik von Schlanbusch
<hen...@enovate.no> wrote:
Hi
Hi!
Is it possible to have the same page secured and not secured?
I have a page now that need to be accessed via https.
Consequently I have annotated it with @Secure.
You misuderstood @Secure. You don't need it in a page so it can be
accessed though HTTPS. @Secure guarantees that the page is only
requested through HTTPS, redirecting if needed. From the @Secure
JavaDoc: "A marker annotation that indicates that the page in question
may only be accessed via HTTPS."
Just remove @Secure and it will work with HTTP and HTTPS.
