Accessing a page over HTTPS results in infinite 302 redirects

Kim Syväluoma
We have a Tapestry application which we need to use over HTTPS only. We
are using Weblogic only.

We have these set in the AppModule of the Tapestry application:

public static void contributeApplicationDefaults(
         final MappedConfiguration<String, String> configuration) {
     configuration.add("tapestry.supported-locales", "en");
     configuration.add("tapestry.start-page-name", "start");
     configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
     configuration.add(SymbolConstants.SECURE_ENABLED, "true");
}

public static void contributeMetaDataLocator(
         final MappedConfiguration<String, String> configuration) {
     configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}

In the Start page we have a redirect like this:

final Object onActivate() {
     if (!this.sessionHandler.isLoggedIn()) {
         return this.loginPage;
     }
     return this.mainFrameSet;
}

When we try to access our app by HTTPS at root or directly at the start
page, loginPage or mainFrameSet page we get an infinite redirect loop (302)
to the same page we are accessing.

If we set the MetaDataConstants.SECURE_PAGE to false we can access our
app over HTTPS but all page requests/links within the app are then done
over HTTP and that does not work.
We need to have all functionality within the app to work over, and using
only, HTTPS.

What have we missed?

Br,
Kim

--
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤
Name: | Kim Syväluoma |
Email: | [hidden email] |
Tel (GSM): | +358 (0)40 592 5267 |
Tel Work: | +358 (0)20 7910 666 |
=========================================================

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Accessing a page over HTTPS results in infinite 302 redirects

Dmitry Gusev
Hi,

I'd suggest checking the value of `Request#isSecure()`; it looks like it's
false.

It can happen if your WebSphere is behind a proxy/load balancer which
terminates SSL; in this case you may need to configure WebSphere to
acknowledge the x-forwarded-proto HTTP header.

On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma <[hidden email]> wrote:

> We have a Tapestry application which we need to use over HTTPS only. We
> are using Weblogic only.
>
> We have these set in the AppModule of the Tapestry application:
>
> public static void contributeApplicationDefaults(
>          final MappedConfiguration<String, String> configuration) {
>      configuration.add("tapestry.supported-locales", "en");
>      configuration.add("tapestry.start-page-name", "start");
>      configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
>      configuration.add(SymbolConstants.SECURE_ENABLED, "true");
> }
>
> public static void contributeMetaDataLocator(
>          final MappedConfiguration<String, String> configuration) {
>      configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> }
>
> In the Start page we have a redirect like this:
>
> final Object onActivate() {
>      if (!this.sessionHandler.isLoggedIn()) {
>          return this.loginPage;
>      }
>      return this.mainFrameSet;
> }
>
> When we try to access our app by HTTPS at root or directly at the start
> page, loginPage or mainFrameSet page we get an infinite redirect loop (302)
> to the same page we are accessing.
>
> If we set the MetaDataConstants.SECURE_PAGE to false we can access our
> app over HTTPS but all page requests/links within the app are then done
> over HTTP and that does not work.
> We need to have all functionality within the app to work over, and using
> only, HTTPS.
>
> What have we missed?
>
> Br,
> Kim
>

--
Dmitry Gusev

AnjLab Team
http://anjlab.com

Re: Accessing a page over HTTPS results in infinite 302 redirects

Chris Poulsen
Hi,

We use:

// default to non-secure pages (allows us to support both http and https
// based on the request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );

And always have an upstream proxy for performing SSL termination. This
relies on the X-Forward-* headers being set and handled correctly by the
various servers.

--
Chris

On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev <[hidden email]>
wrote:

> Hi,
>
> I'd suggest checking the value of `Request#isSecure()`; it looks like it's
> false.
>
> It can happen if your WebSphere is behind a proxy/load balancer which
> terminates SSL; in this case you may need to configure WebSphere to
> acknowledge the x-forwarded-proto HTTP header.
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>

Re: Accessing a page over HTTPS results in infinite 302 redirects

Kim Syväluoma
Thanks for the answers. We will try adding the "X-Forwarded-Proto:
https" header to our requests.

/Kim

2019-06-14 11:34 Chris Poulsen wrote:

> Hi,
>
> We use:
>
> // default to non-secure pages (allows us to support both http and https
> // based on the request)
> configuration.add( SymbolConstants.SECURE_ENABLED, "false" );
>
> And always have an upstream proxy for performing SSL termination. This
> relies on the X-Forward-* headers being set and handled correctly by the
> various servers.
>
> --
> Chris
>

Re: Accessing a page over HTTPS results in infinite 302 redirects

Kim Syväluoma
We have now added the X-Forwarded-Proto and X-Forwarded-For to the
requests but we still get a 302 loop:

GET /ngm/start HTTP/1.1
Host: bo-ci.eget.fi
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,sv;q=0.8,fi;q=0.7,lv;q=0.6,es;q=0.5
Cookie: _ga=GA1.2.2095789035.1543389393;
AMCV_A5A139F7569D5CB57F000101%40AdobeOrg=1406116232%7CMCIDTS%7C17864%7CMCMID%7C21405024211598008102491243369473793569%7CMCAAMLH-1543994214%7C6%7CMCAAMB-1543994214%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1543396614s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0;
_gcl_au=1.1.558442318.1553672462;
__cfduid=d3fcfc204dc54bf4c4d94a53ee955a6581557830653;
NGM=g49j5fJxzz-XyMWzYBJ4YoebaB8rgEwPw_gG2tEjudRZqYbykvGY!-2115956942
X-Forwarded-For: 10.5.128.233
X-Forwarded-Proto: https

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 17 Jun 2019 06:23:19 GMT
Transfer-Encoding: chunked
Location: https://bo-ci.eget.fi/ngm/start

0103
<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved
temporarily.</p>
<p>It's now at <a
href="https://bo-ci.eget.fi/ngm/start">https://bo-ci.eget.fi/ngm/start</a>.</p>
</body></html>

0000


Any more tips?

Br,
Kim


2019-06-14 12:24 Kim Syväluoma wrote:

> Thanks for the answers. We will try adding the "X-Forwarded-Proto:
> https" header to our requests.
>
> /Kim

Re: Accessing a page over HTTPS results in infinite 302 redirects

Dmitry Gusev
Show configuration of the app server for the header?
Tomcat, for example, needs a custom valve to acknowledge x-forwarded headers.

On Mon, Jun 17, 2019 at 9:36 AM Kim Syväluoma <[hidden email]> wrote:

> We have now added the X-Forwarded-Proto and X-Forwarded-For to the
> requests but we still get a 302 loop:
>
> GET /ngm/start HTTP/1.1
> Host: bo-ci.eget.fi
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
> Accept-Encoding: gzip, deflate, br
> Accept-Language: en-US,en;q=0.9,sv;q=0.8,fi;q=0.7,lv;q=0.6,es;q=0.5
> Cookie: _ga=GA1.2.2095789035.1543389393;
> AMCV_A5A139F7569D5CB57F000101%40AdobeOrg=1406116232%7CMCIDTS%7C17864%7CMCMID%7C21405024211598008102491243369473793569%7CMCAAMLH-1543994214%7C6%7CMCAAMB-1543994214%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1543396614s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0;
>
> _gcl_au=1.1.558442318.1553672462;
> __cfduid=d3fcfc204dc54bf4c4d94a53ee955a6581557830653;
> NGM=g49j5fJxzz-XyMWzYBJ4YoebaB8rgEwPw_gG2tEjudRZqYbykvGY!-2115956942
> X-Forwarded-For: 10.5.128.233
> X-Forwarded-Proto: https
>
> HTTP/1.1 302 Moved Temporarily
> Connection: close
> Date: Mon, 17 Jun 2019 06:23:19 GMT
> Transfer-Encoding: chunked
> Location: https://bo-ci.eget.fi/ngm/start
>
> 0103
> <html><head><title>302 Moved Temporarily</title></head>
> <body bgcolor="#FFFFFF">
> <p>This document you requested has moved
> temporarily.</p>
> <p>It's now at <a
> href="https://bo-ci.eget.fi/ngm/start">https://bo-ci.eget.fi/ngm/start
> </a>.</p>
> </body></html>
>
> 0000
>
>
> Any more tips?
>
> Br,
> Kim
>

--
Dmitry Gusev

AnjLab Team
http://anjlab.com
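
What "acknowledging" the header amounts to on the servlet side, as an added example that is not from the thread, Tapestry or WebLogic. It assumes Tapestry's Request#isSecure() reflects HttpServletRequest#isSecure(); the class name TrustedForwardedProtoFilter and the trustedProxies init parameter are hypothetical. The header is honoured only when the connection comes from a listed proxy address, because any client that can reach the server directly can send it.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Added example (hypothetical class, not from the thread). Map it in web.xml
 * ahead of the Tapestry filter, with init-param "trustedProxies" set to the
 * comma-separated addresses of the TLS-terminating proxies.
 */
public class TrustedForwardedProtoFilter implements Filter {

    private Set<String> trustedProxies = Collections.emptySet();

    @Override
    public void init(FilterConfig config) {
        String param = config.getInitParameter("trustedProxies");
        if (param != null && !param.trim().isEmpty()) {
            trustedProxies = new HashSet<>(Arrays.asList(param.trim().split("\\s*,\\s*")));
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && !req.isSecure()) {
            HttpServletRequest http = (HttpServletRequest) req;
            // Honour the header only when the TCP peer is a known proxy;
            // a direct client could otherwise claim "https" over plain HTTP.
            boolean fromProxy = trustedProxies.contains(req.getRemoteAddr());
            String proto = http.getHeader("X-Forwarded-Proto");
            if (fromProxy && proto != null && "https".equalsIgnoreCase(proto.trim())) {
                req = new TlsTerminatedRequest(http);
            }
        }
        // Without the wrapper the application sees isSecure() == false on every
        // proxied request and keeps answering 302 to the same https:// URL.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }

    /** Presents a proxied request as the client saw it: HTTPS on port 443. */
    private static final class TlsTerminatedRequest extends HttpServletRequestWrapper {

        TlsTerminatedRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public boolean isSecure() {
            return true;
        }

        @Override
        public String getScheme() {
            return "https";
        }

        @Override
        public int getServerPort() {
            return 443; // same port as HOSTPORT_SECURE in the AppModule from the first post
        }

        @Override
        public StringBuffer getRequestURL() {
            return new StringBuffer("https://").append(getServerName()).append(getRequestURI());
        }
    }
}
```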

Re: Accessing a page over HTTPS results in infinite 302 redirects

Kim Syväluoma
It was the load balancer configuration that needed further
configurations. Now it works as it should. Thanks for all the help.

Br,
Kim

2019-06-17 11:14 Dmitry Gusev wrote:

> Show configuration of the app server for the header?
> Tomcat, for example, needs a custom valve to acknowledge x-forwarded
> headers.
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>