4 Replies Latest reply on Aug 13, 2007 4:26 PM by pmuir

    Seam SSL form Redirect

    glblack
    glblack Aug 13, 2007 11:49 AM


      We currently have Seam deployed behind a load balancer that terminates the SSL session.

      When submitting a form, the redirect URL generated is "http://" instead of "https://".

      Adding the schema to the pages.xml as follows

      <page view-id="*" scheme="https">

      causes the browser to be continually redirected to https URL.

      It appears that because SSL it terminated at the load balancer, seam does not detect that the request was https.

      Is there a way to configure seam to force https in the redirect once after post to prevent the redirect loop?


      • 1905 Views
      • Tags:
        • 1. Re: Seam SSL form Redirect
          glblack
          glblack Aug 13, 2007 2:28 PM (in response to glblack)

          I found the following post in jira about the same issue, but this did not work in SEAM 2.0.

          http://jira.jboss.com/jira/browse/JBSEAM-1024

          I added the following to the components.xml

          <core:pages https-port="8000"/>


          Has this change been added to to the 2.0 version?


            • Actions
          • 2. Re: Seam SSL form Redirect
            pmuir
            pmuir Aug 13, 2007 2:50 PM (in response to glblack)

            It's moved packages to:

            <navigation:pages https-port="8000"/>




              • Actions
            • 3. Re: Seam SSL form Redirect
              glblack
              glblack Aug 13, 2007 4:20 PM (in response to glblack)

              The application failed to deploy after using <navigation:pages>.

              I did find a solution by modifying the server.xml for the jboss.web connector. Adding scheme="https" to the Connector set the correct scheme for the HttpServletRequest to return the correct scheme.

              Unfortunately, this creates the reverse problem of not being able to connect to the server directly.

              This problem of being behind an SSL load balancer seems to be more of a servlet container issue.

              <Service name="jboss.web">

 <!-- A "Connector" represents an endpoint by which requests are received
 and responses are returned. Documentation at :
 Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
 Java AJP Connector: /docs/config/ajp.html
 APR (HTTP/AJP) Connector: /docs/apr.html
 Define a non-SSL HTTP/1.1 Connector on port 8000
 -->
 <Connector port="8000"
 scheme="https"
 maxThreads="250" maxHttpHeaderSize="8192"
 emptySessionPath="true" protocol="HTTP/1.1"
 enableLookups="false" redirectPort="8009" acceptCount="100"
 connectionTimeout="20000" disableUploadTimeout="true" />


                • Actions
              • 4. Re: Seam SSL form Redirect
                pmuir
                pmuir Aug 13, 2007 4:26 PM (in response to glblack)

                You probably forgot the namespace.

                  • Actions