I've faced similar issues in the past (see TAP5-167), but these days I just access everything through https.
It does sound like you were using @Secure on your login page, but nowhere else. I seem to recall that if you use @Secure on one page, then it will try to use http on pages NOT marked with @Secure. To get around that, you end up skipping the @Secure and sending passwords plaintext over your internal network - not a great practice. I am curious if anyone ever came up with a good way of doing what you are trying to do. A few questions that come to mind are: Which version of T5? Have you overridden anything like BaseURLSource? Have you provided any parameters like HOSTPORT or HOSTPORT_SECURE? On Thu, Feb 5, 2015 at 4:16 AM, Martin Nagl <mn...@mtbiker.sk> wrote: > Hi all, > > we have a Tapesty5 application deployed on Tomcat + Apache httpd. In > production environment at our customer, the application should be deployed > / accessed like this: > - Tomcat is running on a server in internal network on port 8080. > - There is an Apache HTTP server with reverse proxy to Tomcat (AJP) > accessible from the internet on port 80. > - Internal users should access the application on Tomcat directly without > https on http://servername.intranet.customer.sk:8080/appname/login > - External users should access the application through Apache httpd, with > https, on https://apps.customer.sk/appname/login > > 1. Initiallly, I had no @Secure annotations on my pages. The application > worked correctly from internal network, but not from internet. From > internet, I could access the login page through https, but after submit, I > get somehow redirected to http which ends with server error: Your browser > sent a request that this server could not understand. > Reason: You're speaking plain HTTP to an SSL-enabled server port. > Instead use the HTTPS scheme to access this URL, please. > > 2. I have annotated all my pages with @Secure. The aplication now works > correctly from internet, but not from internal network. From internal > network, I can access > http://servername.intranet.customer.sk:8080/appname/login but I get > redirected to https at > https://servername.intranet.customer.sk:8080/appname/login. - This is not > desired, I would like the application to continue in http mode. > > Is this setup possible with a Tapestry5 application (a single deployed > instance)? > Is there some way to tell Tapestry "If you're accessed through https, then > serve all pages through https, else if you're accessed through http, then > serve all pages through http"? > > Thanks > Regards > Martin -- Jonathan Barker ITStrategic --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
