Hi,
I’ve found 2 situations where an HTTP URL is returned despite having set the
whole application to “secure”.
* The 2 event handlers below are not correct - they return HTTP URLs (in, of
course, a 302 redirect), not HTTPS URLs.
public class Page1 {
@InjectPage
private Page2 page2;
Object onToPage2InjectPage() {
return page2;
}
Object onToPage2Class() {
return Page2.class;
}
}
* Whereas PageLink and EventLink are correct - in Page1 they generated HTTPS
URLs.
<body>
<h1>Page 1</h1>
<t:pagelink page="page2">To Page 2 (PageLink)</t:pagelink>
<p/>
<t:eventlink event="toPage2InjectPage">To Page 2
(InjectPage)</t:eventlink>
<p/>
<t:eventlink event="toPage2Class">To Page 2 (Class)</t:eventlink>
</body>
This DID work in my previous setup, which was Apache virtual host on port 443,
handling the SSL, and proxying via AJP to Tapestry in Wildfly on port 8009.
What’s changed is that I’ve put an AWS ALB (Application Load Balancer) in front
of Apache. ALB handles the SSL, forwards to Apache on port 80, which proxies
via AJP to Tapestry in Wildfly on port 8009.
I think the HTTP headers on the requests are all intact. But even if they
aren’t, shouldn’t the following configuration guarantee that the event handlers
shown above return HTTPS URLs?
public void contributeMetaDataLocator(MappedConfiguration<String,
String> configuration) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}
I saw an earlier post that suggested doing the following, but it had the same
result:
public static void
contributeApplicationDefaults(MappedConfiguration<String, String>
configuration) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}
Regards,
Geoff
