You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by Tim Urberg <ti...@urberg.net> on 2013/03/27 18:41:00 UTC

HttpsMapper not Switching to SSL When there is no JsessionId Cookie

Hi Everyone,

I'm having an issue with HttpsMapper not switching to SSL when there is 
no JSESSIONID cookie.  It's happening with wicket-auth-roles when the 
user goes to the home page, which need authentication.  I have this code 
in my init method in my WebApplication class.

getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
{
    @Override
    public <T extends IRequestableComponent> boolean 
isInstantiationAuthorized(Class<T> componentClass)
    {
       if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
       {
          if (MyAuthenticatedWebSession.get().isSignedIn())
             return true;

          throw new RestartResponseAtInterceptPageException(new 
LoginPage());
       }

       return true;
    }

    @Override
    public boolean isActionAuthorized(Component component, Action action)
    {
       return true;
    }
});

HomePage implements AuthenticatedWebPage and LoginPage has the 
@RequireHttps annotation.  This only seems to happen when there is no 
JSESSIONID cookie.  The URL looks like this:

http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0

when it should be https://localhost:7012/login.  If I try it a second 
time after the cookie has been created it works fine.  This is not a 
problem when I go straight to http://localhost:7011/login (works fine 
then).  Just wondering if anyone else has this problem.

Thanks,
Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: HttpsMapper not Switching to SSL When there is no JsessionId Cookie

Posted by Tim Urberg <ti...@urberg.net>.

A JIRA has been created.

https://issues.apache.org/jira/browse/WICKET-5129

Thanks,
Tim

On 3/28/13 6:52 AM, Sven Meier wrote:
> Please create a quickstart and attach it to a jira issue.
>
> Sven
>
> On 03/27/2013 06:41 PM, Tim Urberg wrote:
>> Hi Everyone,
>>
>> I'm having an issue with HttpsMapper not switching to SSL when there 
>> is no JSESSIONID cookie.  It's happening with wicket-auth-roles when 
>> the user goes to the home page, which need authentication.  I have 
>> this code in my init method in my WebApplication class.
>>
>> getSecuritySettings().setAuthorizationStrategy(new 
>> IAuthorizationStrategy()
>> {
>>    @Override
>>    public <T extends IRequestableComponent> boolean 
>> isInstantiationAuthorized(Class<T> componentClass)
>>    {
>>       if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
>>       {
>>          if (MyAuthenticatedWebSession.get().isSignedIn())
>>             return true;
>>
>>          throw new RestartResponseAtInterceptPageException(new 
>> LoginPage());
>>       }
>>
>>       return true;
>>    }
>>
>>    @Override
>>    public boolean isActionAuthorized(Component component, Action action)
>>    {
>>       return true;
>>    }
>> });
>>
>> HomePage implements AuthenticatedWebPage and LoginPage has the 
>> @RequireHttps annotation.  This only seems to happen when there is no 
>> JSESSIONID cookie.  The URL looks like this:
>>
>> http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0 
>>
>>
>> when it should be https://localhost:7012/login.  If I try it a second 
>> time after the cookie has been created it works fine. This is not a 
>> problem when I go straight to http://localhost:7011/login (works fine 
>> then).  Just wondering if anyone else has this problem.
>>
>> Thanks,
>> Tim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: HttpsMapper not Switching to SSL When there is no JsessionId Cookie

Posted by Sven Meier <sv...@meiers.net>.

Please create a quickstart and attach it to a jira issue.

Sven

On 03/27/2013 06:41 PM, Tim Urberg wrote:
> Hi Everyone,
>
> I'm having an issue with HttpsMapper not switching to SSL when there 
> is no JSESSIONID cookie.  It's happening with wicket-auth-roles when 
> the user goes to the home page, which need authentication.  I have 
> this code in my init method in my WebApplication class.
>
> getSecuritySettings().setAuthorizationStrategy(new 
> IAuthorizationStrategy()
> {
>    @Override
>    public <T extends IRequestableComponent> boolean 
> isInstantiationAuthorized(Class<T> componentClass)
>    {
>       if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
>       {
>          if (MyAuthenticatedWebSession.get().isSignedIn())
>             return true;
>
>          throw new RestartResponseAtInterceptPageException(new 
> LoginPage());
>       }
>
>       return true;
>    }
>
>    @Override
>    public boolean isActionAuthorized(Component component, Action action)
>    {
>       return true;
>    }
> });
>
> HomePage implements AuthenticatedWebPage and LoginPage has the 
> @RequireHttps annotation.  This only seems to happen when there is no 
> JSESSIONID cookie.  The URL looks like this:
>
> http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0 
>
>
> when it should be https://localhost:7012/login.  If I try it a second 
> time after the cookie has been created it works fine.  This is not a 
> problem when I go straight to http://localhost:7011/login (works fine 
> then).  Just wondering if anyone else has this problem.
>
> Thanks,
> Tim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org