Luca,

Your reply was tremendously helpful.  I don't really know my way around Apache
and Tomcat, but using your guide I managed to figure it out and am now doing as
you suggest: terminating SSL at Apache, then running two Tomcat connectors over
HTTP, one with secure=true.

All working great.  Thanks again,
Ben.

> Date: Wed, 18 Feb 2015 20:39:50 +0100
> From: lu...@dbmsrl.com
> To: users@tapestry.apache.org
> Subject: Re: Weird behaviour generating URLs for HTTPS pages
> 
> ... then this might save you some time:
> 
> The easiest way is to set up one vhost for HTTP and another for HTTPS in
> Apache.
> Terminate and handle the TLS/SSL connection in the Apache HTTPS vhost, as you
> seem to be doing now.
> The two vhosts should forward (ProxyPass) requests to two distinct Tomcat
> connectors.
> 
> Add the secure and scheme attributes to the Tomcat connector definitions.
> Depending on your setup, you might find it useful to also set the proxyName and
> proxyPort attributes of the Tomcat connectors;
> they set the public DNS name and port for your services and will be used to
> build full redirect URLs.
> 
> 
> 
>  Luca
> ----- Original Message -----
> > From: "Ben Titmarsh" <ben.titma...@hotmail.co.uk>
> > To: "Tapestry users" <users@tapestry.apache.org>
> > Sent: Wednesday, February 18, 2015 7:53:29 PM
> > Subject: RE: Weird behaviour generating URLs for HTTPS pages
> > 
> > I think you could be correct Luca.  My tomcat is fronted by apache which has
> > the following rules:
> > 
> >         ProxyPass / http://localhost:8080/ retry=0
> >         ProxyPassReverse / http://localhost:8080/
> >         ProxyPreserveHost on
> > 
> > I'm not particularly hot on Apache but I suspect that something here is
> > modifying Tapestry's https redirect to an http one, which in turn causes
> > Tapestry to attempt the redirect back in the other direction causing the
> > loop.
> > 
> > Now reading a bit more about this stuff!
> > 
> > > Date: Wed, 18 Feb 2015 19:07:50 +0100
> > > From: lu...@dbmsrl.com
> > > To: users@tapestry.apache.org
> > > Subject: Re: Weird behaviour generating URLs for HTTPS pages
> > > 
> > > Hi,
> > > couldn't it be related to the servlet container config?
> > > 
> > > As far as I remember, Tapestry uses information provided by the servlet
> > > container [1] to determine if a given request is happening over a secure
> > > connection or not.
> > > So you might want to double-check your container config.
> > > Assuming you're using Tomcat, see [2] (secure and scheme parameters).
> > > 
> > > Moreover, the redirect loop you're experiencing makes me think you're running
> > > behind an HTTP server...
> > > Are you handling the S in httpd? In this case you obviously need two
> > > Tomcat (or whatever) endpoints (one secure=true, the other secure=false),
> > > as the container doesn't have access to the original (un)secured connection, so
> > > it can't provide this info to Tapestry.
> > > 
> > > Luca
> > > 
> > > 
> > > 
> > > 
> > > [1] https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme()
> > >     and
> > >     https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure()
> > > [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
> > > ----- Original Message -----
> > > > From: "Ben Titmarsh" <ben.titma...@hotmail.co.uk>
> > > > To: "Tapestry users" <users@tapestry.apache.org>
> > > > Sent: Wednesday, February 18, 2015 6:45:18 PM
> > > > Subject: RE: Weird behaviour generating URLs for HTTPS pages
> > > > 
> > > > > That's right, and if I don't add
> > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links to
> > > > > @Secure pages are generated with port 80 too.  Not sure why that is..
> > > > 
> > > > > Date: Wed, 18 Feb 2015 12:40:51 -0500
> > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages
> > > > > From: gchrist...@cardaddy.com
> > > > > To: users@tapestry.apache.org
> > > > > 
> > > > > > My bad Ben, I was thinking this was something related to Tapestry-Security
> > > > > > when I saw your login URL example.
> > > > > > 
> > > > > > So you're saying you're capable of accessing the pages directly with https://
> > > > > > without the use of @Secure, but with @Secure it puts you in an infinite
> > > > > > loop while trying to access the page?
> > > > > > 
> > > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh <ben.titma...@hotmail.co.uk> wrote:
> > > > > 
> > > > > > Hi George,
> > > > > >
> > > > > > > I don't have that property set to anything.  My login page is just called
> > > > > > > "login" though!  This problem is also happening on other pages that I have
> > > > > > > marked as secure, for example "register".
> > > > > > >
> > > > > > > Links aside, I can't even hit those pages without getting caught in a
> > > > > > > redirect loop, but I can happily hit any other page over https that does
> > > > > > > not have the @Secure annotation.  I've been looking around trying to find a
> > > > > > > filter or something in the Tapestry source that uses this @Secure
> > > > > > > annotation but can't seem to find it.  I'm on Tapestry 5.3.7 for what
> > > > > > > that's worth.
> > > > > >
> > > > > > Thanks,
> > > > > > Ben.
> > > > > >
> > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500
> > > > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages
> > > > > > > From: gchrist...@cardaddy.com
> > > > > > > To: users@tapestry.apache.org
> > > > > > >
> > > > > > > > Hi Ben, what is your LOGIN_URL set to? You're not trying to secure the same
> > > > > > > > page your LOGIN_URL is set to, right?
> > > > > > >
> > > > > > > Example
> > > > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login");
> > > > > > >
> > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh <ben.titma...@hotmail.co.uk> wrote:
> > > > > > >
> > > > > > > > Hey Guys,
> > > > > > > >
> > > > > > > > > I've just got my web server set up for SSL and it's working, but am
> > > > > > > > > experiencing some odd behaviour from Tapestry.  I've added the @Secure
> > > > > > > > > annotation to one of my pages but by default the link is generated thus:
> > > > > > > >
> > > > > > > > https://[DOMAIN]:80/login
> > > > > > > >
> > > > > > > > I tried adding:
> > > > > > > >
> > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
> > > > > > > >
> > > > > > > > The link is now generated correctly like this (without a port):
> > > > > > > >
> > > > > > > > https://[DOMAIN]/login
> > > > > > > >
> > > > > > > > > However, when I hit that link, it gets caught in an infinite 302 redirect
> > > > > > > > > loop.
> > > > > > > > >
> > > > > > > > > I can quite happily hit any page without the @Secure annotation over https
> > > > > > > > > and it loads fine.
> > > > > > > >
> > > > > > > > Any pointers?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Ben.
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > George Christman
> > > > > > > CEO
> > > > > > > www.CarDaddy.com
> > > > > > > P.O. Box 735
> > > > > > > Johnstown, New York
> > > > > >
> > > > > >
> > > > > 
> > > > > 
> > > > > 
> > > > > --
> > > > > George Christman
> > > > > CEO
> > > > > www.CarDaddy.com
> > > > > P.O. Box 735
> > > > > Johnstown, New York
> > > > 
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > > For additional commands, e-mail: users-h...@tapestry.apache.org
> > > 
> > 
> 
> 
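
The setup this thread converges on, written out as an added example (not configuration posted by anyone in the thread). The hostname www.example.com, the second connector port 8081, the loopback bind address and the certificate paths are assumptions; the Apache side is shown inside the XML comment so both halves sit in one block.

```xml
<!--
  Added example. Apache httpd side: one vhost per scheme, each proxying
  to its own Tomcat connector (hostname and paths are placeholders).

  <VirtualHost *:80>
      ServerName www.example.com
      ProxyPreserveHost on
      ProxyPass        / http://localhost:8080/ retry=0
      ProxyPassReverse / http://localhost:8080/
  </VirtualHost>

  <VirtualHost *:443>
      ServerName www.example.com
      SSLEngine on
      SSLCertificateFile    /path/to/cert.pem
      SSLCertificateKeyFile /path/to/key.pem
      ProxyPreserveHost on
      ProxyPass        / http://localhost:8081/ retry=0
      ProxyPassReverse / http://localhost:8081/
  </VirtualHost>
-->

<!-- Tomcat conf/server.xml: both connectors go inside the existing <Service>. -->

<!-- Reached only from the *:80 vhost. Requests arriving here report
     getScheme() == "http" and isSecure() == false to the application. -->
<Connector port="8080" protocol="HTTP/1.1"
           address="127.0.0.1"
           scheme="http" secure="false"
           proxyName="www.example.com" proxyPort="80" />

<!-- Reached only from the *:443 vhost. The hop from Apache is still plain
     HTTP, but scheme/secure tell the container that the client connection
     was TLS, so getScheme() == "https" and isSecure() == true.
     This connector trusts whoever connects to it: keep it bound to
     loopback (or firewalled to the proxy) so a client cannot reach it
     directly and be treated as if it had arrived over TLS. -->
<Connector port="8081" protocol="HTTP/1.1"
           address="127.0.0.1"
           scheme="https" secure="true"
           proxyName="www.example.com" proxyPort="443" />
```

With a single connector on 8080 serving both vhosts, every request reports isSecure() == false, which matches the redirect loop on @Secure pages described at the start of the thread.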
                                          
