You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Dave Greggory <da...@yahoo.com> on 2009/05/18 15:15:50 UTC
[t5.0.18] Secure Annotation / BaseURLSource
I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
My BaseURLSource implementation:
BaseURLSource source = new BaseURLSource()
{
public String getBaseURL(boolean secure)
{
return (secure) ? baseURL : baseSecureURL;
}
}
Thanks,
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
@Secure solution (was Re: [t5.0.18] Secure Annotation / BaseURLSource)
Posted by Geoff Callender <ge...@gmail.com>.
I've found a solution - use AJP (instead of HTTP) from Apache to Jetty/Tomcat. Apache handles the SSL and AJP preserves the security info, so Tapestry knows a secure channel was used and the @Secure annotation just works. Perfect.
For the record, the key lines for httpd-ssl.conf are like this:
SSLOptions +ExportCertData
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass /myapp ajp://gc1.local:18080/myapp retry=5
ProxyPassReverse /myapp ajp://gc1.local:18080/myapp
The full config info is in these articles:
http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-reverse-proxy/start (see "Between Apache and Tomcat")
http://docs.codehaus.org/display/JETTY/Configuring+mod_proxy (alternative 1 causes the problem, whereas alternative 2 works!)
HTH someone else,
Geoff
On 09/02/2010, at 12:23 AM, Geoff Callender wrote:
> Hi Dave et al,
>
> Did you find an OK solution to this? I too am hoping to have Apache look after https and feed only http to the web server, but any page marked @Secure will reject http and redirect to https, so you end in a loop bouncing between browser and webserver via Apache.
>
> Cheers,
>
> Geoff
>
> On 20/05/2009, at 1:02 AM, Dave Greggory wrote:
>
>>
>> I'm attempting to contribute my own RequestSecurityManager, but if anybody else has a better idea where I don't have to touch internal stuff let me know.
>>
>>
>>
>> ----- Original Message ----
>> From: Dave Greggory <da...@yahoo.com>
>> To: Tapestry users <us...@tapestry.apache.org>
>> Sent: Tuesday, May 19, 2009 10:51:41 AM
>> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>>
>>
>> Well looks like our internal network structure is pretty set and can't be changed.
>>
>> Users <-- internet (http / https connections ) --> load balancer/firewall <-- internal network (http) --> tomcat
>>
>> We have a way of determining from within a tomcat application whether internet connection to firewall is secure. This can be done because the firewall adds a request header indicating SSL status. This is how we usually determine this. Can I get tapestry use my helper method that does this check to determine whether the connection was secure? How can I get secure connections working in this situation?
>>
>> Thanks so much.
>> Dave
>>
>>
>>
>>
>> ----- Original Message ----
>> From: Dave Greggory <da...@yahoo.com>
>> To: Tapestry users <us...@tapestry.apache.org>
>> Sent: Monday, May 18, 2009 12:16:36 PM
>> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>>
>>
>> Don't worry about it, turns out our internal network is screwed up... connections between users and the load balancer is secure, but not between load balancer and app server.
>>
>>
>>
>> ----- Original Message ----
>> From: Dave Greggory <da...@yahoo.com>
>> To: Tapestry users <us...@tapestry.apache.org>
>> Sent: Monday, May 18, 2009 11:56:56 AM
>> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>>
>>
>> obviously, it is.
>>
>>
>>
>> ----- Original Message ----
>> From: Martin Strand <do...@gmail.com>
>> To: Tapestry users <us...@tapestry.apache.org>
>> Sent: Monday, May 18, 2009 11:40:40 AM
>> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>>
>> Just a guess... perhaps baseSecureURL is not an https url?
>>
>>
>> On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>>
>>>
>>> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>>>
>>> My BaseURLSource implementation:
>>>
>>> BaseURLSource source = new BaseURLSource()
>>> {
>>> public String getBaseURL(boolean secure)
>>> {
>>> return (secure) ? baseURL : baseSecureURL;
>>> }
>>> }
>>>
>>> Thanks,
>>> Dave
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Geoff Callender <ge...@gmail.com>.
Hi Dave et al,
Did you find an OK solution to this? I too am hoping to have Apache look after https and feed only http to the web server, but any page marked @Secure will reject http and redirect to https, so you end in a loop bouncing between browser and webserver via Apache.
Cheers,
Geoff
On 20/05/2009, at 1:02 AM, Dave Greggory wrote:
>
> I'm attempting to contribute my own RequestSecurityManager, but if anybody else has a better idea where I don't have to touch internal stuff let me know.
>
>
>
> ----- Original Message ----
> From: Dave Greggory <da...@yahoo.com>
> To: Tapestry users <us...@tapestry.apache.org>
> Sent: Tuesday, May 19, 2009 10:51:41 AM
> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>
>
> Well looks like our internal network structure is pretty set and can't be changed.
>
> Users <-- internet (http / https connections ) --> load balancer/firewall <-- internal network (http) --> tomcat
>
> We have a way of determining from within a tomcat application whether internet connection to firewall is secure. This can be done because the firewall adds a request header indicating SSL status. This is how we usually determine this. Can I get tapestry use my helper method that does this check to determine whether the connection was secure? How can I get secure connections working in this situation?
>
> Thanks so much.
> Dave
>
>
>
>
> ----- Original Message ----
> From: Dave Greggory <da...@yahoo.com>
> To: Tapestry users <us...@tapestry.apache.org>
> Sent: Monday, May 18, 2009 12:16:36 PM
> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>
>
> Don't worry about it, turns out our internal network is screwed up... connections between users and the load balancer is secure, but not between load balancer and app server.
>
>
>
> ----- Original Message ----
> From: Dave Greggory <da...@yahoo.com>
> To: Tapestry users <us...@tapestry.apache.org>
> Sent: Monday, May 18, 2009 11:56:56 AM
> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>
>
> obviously, it is.
>
>
>
> ----- Original Message ----
> From: Martin Strand <do...@gmail.com>
> To: Tapestry users <us...@tapestry.apache.org>
> Sent: Monday, May 18, 2009 11:40:40 AM
> Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
>
> Just a guess... perhaps baseSecureURL is not an https url?
>
>
> On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
>>
>> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>>
>> My BaseURLSource implementation:
>>
>> BaseURLSource source = new BaseURLSource()
>> {
>> public String getBaseURL(boolean secure)
>> {
>> return (secure) ? baseURL : baseSecureURL;
>> }
>> }
>>
>> Thanks,
>> Dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Dave Greggory <da...@yahoo.com>.
I'm attempting to contribute my own RequestSecurityManager, but if anybody else has a better idea where I don't have to touch internal stuff let me know.
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Tuesday, May 19, 2009 10:51:41 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Well looks like our internal network structure is pretty set and can't be changed.
Users <-- internet (http / https connections ) --> load balancer/firewall <-- internal network (http) --> tomcat
We have a way of determining from within a tomcat application whether internet connection to firewall is secure. This can be done because the firewall adds a request header indicating SSL status. This is how we usually determine this. Can I get tapestry use my helper method that does this check to determine whether the connection was secure? How can I get secure connections working in this situation?
Thanks so much.
Dave
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 12:16:36 PM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Don't worry about it, turns out our internal network is screwed up... connections between users and the load balancer is secure, but not between load balancer and app server.
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:56:56 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
obviously, it is.
----- Original Message ----
From: Martin Strand <do...@gmail.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:40:40 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Just a guess... perhaps baseSecureURL is not an https url?
On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>
> My BaseURLSource implementation:
>
> BaseURLSource source = new BaseURLSource()
> {
> public String getBaseURL(boolean secure)
> {
> return (secure) ? baseURL : baseSecureURL;
> }
> }
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Dave Greggory <da...@yahoo.com>.
Well looks like our internal network structure is pretty set and can't be changed.
Users <-- internet (http / https connections ) --> load balancer/firewall <-- internal network (http) --> tomcat
We have a way of determining from within a tomcat application whether internet connection to firewall is secure. This can be done because the firewall adds a request header indicating SSL status. This is how we usually determine this. Can I get tapestry use my helper method that does this check to determine whether the connection was secure? How can I get secure connections working in this situation?
Thanks so much.
Dave
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 12:16:36 PM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Don't worry about it, turns out our internal network is screwed up... connections between users and the load balancer is secure, but not between load balancer and app server.
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:56:56 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
obviously, it is.
----- Original Message ----
From: Martin Strand <do...@gmail.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:40:40 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Just a guess... perhaps baseSecureURL is not an https url?
On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>
> My BaseURLSource implementation:
>
> BaseURLSource source = new BaseURLSource()
> {
> public String getBaseURL(boolean secure)
> {
> return (secure) ? baseURL : baseSecureURL;
> }
> }
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Dave Greggory <da...@yahoo.com>.
Don't worry about it, turns out our internal network is screwed up... connections between users and the load balancer is secure, but not between load balancer and app server.
----- Original Message ----
From: Dave Greggory <da...@yahoo.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:56:56 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
obviously, it is.
----- Original Message ----
From: Martin Strand <do...@gmail.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:40:40 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Just a guess... perhaps baseSecureURL is not an https url?
On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>
> My BaseURLSource implementation:
>
> BaseURLSource source = new BaseURLSource()
> {
> public String getBaseURL(boolean secure)
> {
> return (secure) ? baseURL : baseSecureURL;
> }
> }
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Dave Greggory <da...@yahoo.com>.
obviously, it is.
----- Original Message ----
From: Martin Strand <do...@gmail.com>
To: Tapestry users <us...@tapestry.apache.org>
Sent: Monday, May 18, 2009 11:40:40 AM
Subject: Re: [t5.0.18] Secure Annotation / BaseURLSource
Just a guess... perhaps baseSecureURL is not an https url?
On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>
> My BaseURLSource implementation:
>
> BaseURLSource source = new BaseURLSource()
> {
> public String getBaseURL(boolean secure)
> {
> return (secure) ? baseURL : baseSecureURL;
> }
> }
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [t5.0.18] Secure Annotation / BaseURLSource
Posted by Martin Strand <do...@gmail.com>.
Just a guess... perhaps baseSecureURL is not an https url?
On Mon, 18 May 2009 15:15:50 +0200, Dave Greggory <da...@yahoo.com> wrote:
>
> I've been using BaseURLSource(since behind a firewall/load balancer) fine all this time, and recently I needed a secure page, so I added the @Secure annotation on that page. But that page is no longer working because @Secure annotation ends up sending continuous redirects. What am I doing wrong?
>
> My BaseURLSource implementation:
>
> BaseURLSource source = new BaseURLSource()
> {
> public String getBaseURL(boolean secure)
> {
> return (secure) ? baseURL : baseSecureURL;
> }
> }
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org