You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Tim Urberg <ti...@urberg.net> on 2013/03/27 18:41:00 UTC
HttpsMapper not Switching to SSL When there is no JsessionId Cookie
Hi Everyone,
I'm having an issue with HttpsMapper not switching to SSL when there is
no JSESSIONID cookie. It's happening with wicket-auth-roles when the
user goes to the home page, which need authentication. I have this code
in my init method in my WebApplication class.
getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
{
@Override
public <T extends IRequestableComponent> boolean
isInstantiationAuthorized(Class<T> componentClass)
{
if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
{
if (MyAuthenticatedWebSession.get().isSignedIn())
return true;
throw new RestartResponseAtInterceptPageException(new
LoginPage());
}
return true;
}
@Override
public boolean isActionAuthorized(Component component, Action action)
{
return true;
}
});
HomePage implements AuthenticatedWebPage and LoginPage has the
@RequireHttps annotation. This only seems to happen when there is no
JSESSIONID cookie. The URL looks like this:
http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
when it should be https://localhost:7012/login. If I try it a second
time after the cookie has been created it works fine. This is not a
problem when I go straight to http://localhost:7011/login (works fine
then). Just wondering if anyone else has this problem.
Thanks,
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: HttpsMapper not Switching to SSL When there is no JsessionId
Cookie
Posted by Tim Urberg <ti...@urberg.net>.
A JIRA has been created.
https://issues.apache.org/jira/browse/WICKET-5129
Thanks,
Tim
On 3/28/13 6:52 AM, Sven Meier wrote:
> Please create a quickstart and attach it to a jira issue.
>
> Sven
>
> On 03/27/2013 06:41 PM, Tim Urberg wrote:
>> Hi Everyone,
>>
>> I'm having an issue with HttpsMapper not switching to SSL when there
>> is no JSESSIONID cookie. It's happening with wicket-auth-roles when
>> the user goes to the home page, which need authentication. I have
>> this code in my init method in my WebApplication class.
>>
>> getSecuritySettings().setAuthorizationStrategy(new
>> IAuthorizationStrategy()
>> {
>> @Override
>> public <T extends IRequestableComponent> boolean
>> isInstantiationAuthorized(Class<T> componentClass)
>> {
>> if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
>> {
>> if (MyAuthenticatedWebSession.get().isSignedIn())
>> return true;
>>
>> throw new RestartResponseAtInterceptPageException(new
>> LoginPage());
>> }
>>
>> return true;
>> }
>>
>> @Override
>> public boolean isActionAuthorized(Component component, Action action)
>> {
>> return true;
>> }
>> });
>>
>> HomePage implements AuthenticatedWebPage and LoginPage has the
>> @RequireHttps annotation. This only seems to happen when there is no
>> JSESSIONID cookie. The URL looks like this:
>>
>> http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
>>
>>
>> when it should be https://localhost:7012/login. If I try it a second
>> time after the cookie has been created it works fine. This is not a
>> problem when I go straight to http://localhost:7011/login (works fine
>> then). Just wondering if anyone else has this problem.
>>
>> Thanks,
>> Tim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: HttpsMapper not Switching to SSL When there is no JsessionId
Cookie
Posted by Sven Meier <sv...@meiers.net>.
Please create a quickstart and attach it to a jira issue.
Sven
On 03/27/2013 06:41 PM, Tim Urberg wrote:
> Hi Everyone,
>
> I'm having an issue with HttpsMapper not switching to SSL when there
> is no JSESSIONID cookie. It's happening with wicket-auth-roles when
> the user goes to the home page, which need authentication. I have
> this code in my init method in my WebApplication class.
>
> getSecuritySettings().setAuthorizationStrategy(new
> IAuthorizationStrategy()
> {
> @Override
> public <T extends IRequestableComponent> boolean
> isInstantiationAuthorized(Class<T> componentClass)
> {
> if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
> {
> if (MyAuthenticatedWebSession.get().isSignedIn())
> return true;
>
> throw new RestartResponseAtInterceptPageException(new
> LoginPage());
> }
>
> return true;
> }
>
> @Override
> public boolean isActionAuthorized(Component component, Action action)
> {
> return true;
> }
> });
>
> HomePage implements AuthenticatedWebPage and LoginPage has the
> @RequireHttps annotation. This only seems to happen when there is no
> JSESSIONID cookie. The URL looks like this:
>
> http://localhost:7011/documentation/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
>
>
> when it should be https://localhost:7012/login. If I try it a second
> time after the cookie has been created it works fine. This is not a
> problem when I go straight to http://localhost:7011/login (works fine
> then). Just wondering if anyone else has this problem.
>
> Thanks,
> Tim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org