4 Replies Latest reply on Aug 13, 2007 4:26 PM by Pete Muir

    Seam SSL form Redirect

    Lee Blackburn Newbie


      We currently have Seam deployed behind a load balancer that terminates the SSL session.

      When submitting a form, the redirect URL generated is "http://" instead of "https://".

      Adding the schema to the pages.xml as follows

      <page view-id="*" scheme="https">

      causes the browser to be continually redirected to https URL.

      It appears that because SSL it terminated at the load balancer, seam does not detect that the request was https.

      Is there a way to configure seam to force https in the redirect once after post to prevent the redirect loop?


        • 1. Re: Seam SSL form Redirect
          Lee Blackburn Newbie

          I found the following post in jira about the same issue, but this did not work in SEAM 2.0.

          http://jira.jboss.com/jira/browse/JBSEAM-1024

          I added the following to the components.xml

          <core:pages https-port="8000"/>


          Has this change been added to to the 2.0 version?


          • 2. Re: Seam SSL form Redirect
            Pete Muir Master

            It's moved packages to:

            <navigation:pages https-port="8000"/>




            • 3. Re: Seam SSL form Redirect
              Lee Blackburn Newbie

              The application failed to deploy after using <navigation:pages>.

              I did find a solution by modifying the server.xml for the jboss.web connector. Adding scheme="https" to the Connector set the correct scheme for the HttpServletRequest to return the correct scheme.

              Unfortunately, this creates the reverse problem of not being able to connect to the server directly.

              This problem of being behind an SSL load balancer seems to be more of a servlet container issue.

              <Service name="jboss.web">
              
               <!-- A "Connector" represents an endpoint by which requests are received
               and responses are returned. Documentation at :
               Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
               Java AJP Connector: /docs/config/ajp.html
               APR (HTTP/AJP) Connector: /docs/apr.html
               Define a non-SSL HTTP/1.1 Connector on port 8000
               -->
               <Connector port="8000"
               scheme="https"
               maxThreads="250" maxHttpHeaderSize="8192"
               emptySessionPath="true" protocol="HTTP/1.1"
               enableLookups="false" redirectPort="8009" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />
              


              • 4. Re: Seam SSL form Redirect
                Pete Muir Master

                You probably forgot the namespace.