2 Replies Latest reply on Feb 16, 2011 3:20 AM by kpoudosu

    HTTPS redirect problem using Apache HTTPS

    grundor Mar 30, 2009 5:13 PM

      The following Jira described a problem I am having, but I am not sure what the right way to work around it is: JBSEAM-1024


      "Also, it would be great if the documentation could be updated to
include a warning for people with proxied environments. That is, 
depending on how your proxied environment is setup, using scheme might
result in an infinity redirect loop. Here is how this could happen: 
lets say you have a webserver that can handle both http and https, 
however, this webserver can only talk http with the appserver. Now, if 
you mark a page such as 'login.xhtml' with scheme = https, then if the 
user types https://www.somedomain.com/login.seam, the webserver will 
be sending http://www.somedomain.com/login.seam to the appserver. When 
Seam looks at it, it will ask the browser to redirect to https again, 
resulting in an infinity redirect loop."



      In my scenario we are also running Apache on our server and have configured SSL (mod-ssl).  When I try to use scheme=https (and set https-port=8443) in my pages.xml I am seeing the page load loop described.


      Can anyone offer advice on right way to set this up?  Do I also need to setup SSL under tomcat?  That seems wrong...


      -Mark


      • 500 Views
      • Tags:
        • 1. Re: HTTPS redirect problem using Apache HTTPS
          dro_k
          dro_k Mar 31, 2009 5:04 AM (in response to grundor)

          Seam's design is not very intuitive in this situation. If you look at Pages.preRender() you'll see that Seam tries to find out the scheme of the URL by looking at the URL. (Why they are not calling request.isSecure(), I don't know ???)


          So what you need to do is to setup apache so it adds an http header when decrypting https to http and then you can look for that header in a Servlet Filter and rewrite the URL so Seam sees the right URL. I know it sounds like a total hack, but that's what I'm doing and it works.


          - Drew

            • Actions
          • 2. Re: HTTPS redirect problem using Apache HTTPS
            kpoudosu
            kpoudosu Feb 16, 2011 3:20 AM (in response to grundor)

            Hi Drew,


            I am having the same challenge currently, please can you be more programmatic in your explanations. like say vivid example.

              • Actions