1 2 Previous Next 15 Replies Latest reply on Feb 5, 2008 7:14 AM by werner23 Go to original post
      • 15. Re: HTTPS redirection
        werner23

         

        "matt.drees" wrote:


        This is what we're planning to do. I haven't tested it yet (don't have an ssl cert set up yet), but I think it should work. I'll report back if it doesn't.

        We use BIG-IP for loadbalancing and ssl decryption. For ssl requests, we've configured it to add a specific request header. I haven't tested this, but I think we only need to override Request.getScheme(), and not Request.getRequestURL().

        
        @Name("bigIpSslFilter")
        @Scope(ScopeType.APPLICATION)
        @BypassInterceptors
        @org.jboss.seam.annotations.web.Filter
        public class BigIpSslFilter implements Filter {
        
         public void destroy() {
         }
        
         public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain filterChain) throws IOException, ServletException {
         if (request instanceof HttpServletRequest) {
         filterChain.doFilter(new BigIpSslRequest((HttpServletRequest) request), response);
         } else {
         filterChain.doFilter(request, response);
         }
         }
        
         public void init(FilterConfig filterConfig) throws ServletException {
         }
        
         public static class BigIpSslRequest extends HttpServletRequestWrapper {
        
         public BigIpSslRequest(HttpServletRequest request) {
         super(request);
         }
        
         @Override
         public String getScheme() {
         String forwardedScheme = getRequest().getHeader("HTTP_X_FORWARDED_PROTO");
         if (forwardedScheme != null && forwardedScheme.equals("https")) {
         return "https";
         }
         return super.getScheme();
         }
        
         @Override
         public HttpServletRequest getRequest() {
         return (HttpServletRequest) super.getRequest();
         }
         }
        }
        


        (btw, it's the same header that rails looks for to determine proxied https requests, since we also have some rails apps)


        Sorry Matt, but your filter doesn't actually work, because Seam doesn't use the getScheme() method of the ServletRequest. This one works:

        @Name("forwardedHttpsDecoderFilter")
        @Scope(ScopeType.APPLICATION)
        @BypassInterceptors
        @Filter
        public class ForwardedHttpsDecoderFilter extends AbstractFilter {
        
         public static final String HEADER_HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO";
        
         public static class SslRequest extends HttpServletRequestWrapper {
        
         public SslRequest(HttpServletRequest request) {
         super(request);
         }
        
         public HttpServletRequest getRequest() {
         return (HttpServletRequest) super.getRequest();
         }
        
         public StringBuffer getRequestURL() {
         StringBuffer requestURL = super.getRequestURL();
         if (requestURL.indexOf("http://") == 0) {
         requestURL.replace(0, 7, "https://");
         }
         return requestURL;
         }
         }
        
         public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain filterChain) throws IOException, ServletException {
        
         if (request instanceof HttpServletRequest) {
         String forwardedScheme = ((HttpServletRequest) request).getHeader(HEADER_HTTP_X_FORWARDED_PROTO);
         if (forwardedScheme != null && forwardedScheme.equals("https")) {
         request = new SslRequest((HttpServletRequest) request);
         }
         }
         filterChain.doFilter(request, response);
         }
        
         public void destroy() {
         }
        
         public void init(FilterConfig filterConfig) throws ServletException {
         }
        }
        


        1 2 Previous Next