"matt.drees" wrote:
This is what we're planning to do. I haven't tested it yet (don't have an ssl cert set up yet), but I think it should work. I'll report back if it doesn't.
We use BIG-IP for loadbalancing and ssl decryption. For ssl requests, we've configured it to add a specific request header. I haven't tested this, but I think we only need to override Request.getScheme(), and not Request.getRequestURL().@Name("bigIpSslFilter") @Scope(ScopeType.APPLICATION) @BypassInterceptors @org.jboss.seam.annotations.web.Filter public class BigIpSslFilter implements Filter { public void destroy() { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (request instanceof HttpServletRequest) { filterChain.doFilter(new BigIpSslRequest((HttpServletRequest) request), response); } else { filterChain.doFilter(request, response); } } public void init(FilterConfig filterConfig) throws ServletException { } public static class BigIpSslRequest extends HttpServletRequestWrapper { public BigIpSslRequest(HttpServletRequest request) { super(request); } @Override public String getScheme() { String forwardedScheme = getRequest().getHeader("HTTP_X_FORWARDED_PROTO"); if (forwardedScheme != null && forwardedScheme.equals("https")) { return "https"; } return super.getScheme(); } @Override public HttpServletRequest getRequest() { return (HttpServletRequest) super.getRequest(); } } }
(btw, it's the same header that rails looks for to determine proxied https requests, since we also have some rails apps)
@Name("forwardedHttpsDecoderFilter") @Scope(ScopeType.APPLICATION) @BypassInterceptors @Filter public class ForwardedHttpsDecoderFilter extends AbstractFilter { public static final String HEADER_HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO"; public static class SslRequest extends HttpServletRequestWrapper { public SslRequest(HttpServletRequest request) { super(request); } public HttpServletRequest getRequest() { return (HttpServletRequest) super.getRequest(); } public StringBuffer getRequestURL() { StringBuffer requestURL = super.getRequestURL(); if (requestURL.indexOf("http://") == 0) { requestURL.replace(0, 7, "https://"); } return requestURL; } } public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (request instanceof HttpServletRequest) { String forwardedScheme = ((HttpServletRequest) request).getHeader(HEADER_HTTP_X_FORWARDED_PROTO); if (forwardedScheme != null && forwardedScheme.equals("https")) { request = new SslRequest((HttpServletRequest) request); } } filterChain.doFilter(request, response); } public void destroy() { } public void init(FilterConfig filterConfig) throws ServletException { } }