6 Replies Latest reply on Jan 10, 2008 12:34 PM by nkhilnani

    HTTPS Scheme in pages.xml without httpsport or default port

      Hi,
      I have been using https with Seam for a while not and in our environment we have http and https setup at the load balancer level.

      An hrrp request comes to the load balancer. The load balancer internally forwards requests to tomcats that only have http setup. We do this to avoid setting up https and related certificates for every tomcat in our pools. Each tomcat in the pool is setup on a different port only accessible internally.

      After looking at the Seam documentation and org.jboss.seam.navigation.pages file. It seems that if a page view-id is marked with scheme=https, the framework appends port info. If no httpsport is defined, it retrieves the server instance port and appends that.(see code at end of this post)

      In our case, this could would return internal tomcat port, not the externally accessible port (no port or port 80). this will cause a redirect to the incorrect port. eg.
      external url: http://mysite.com and https://mysite.com
      two tomcats in pool at http://tomcats.com:123 and http://tomcats.com:124

      in pages.xml or somewhere else, would it be possible to indicate scheme https for view-ids but not append ":PORT"?
      eg redirection http://mysite.com to https:://mysite.com with no appended port info.

      The code i looked at is below.

      Thanks in advance
      Nik Khilnani




       public String encodeScheme(String viewId, FacesContext context, String url)
       {
       String scheme = getScheme(viewId);
       if (scheme != null)
       {
       String requestUrl = getRequestUrl(context);
       if (requestUrl!=null)
       {
       try
       {
       URL serverUrl = new URL(requestUrl);
      
       StringBuilder sb = new StringBuilder();
       sb.append(scheme);
       sb.append("://");
       sb.append(serverUrl.getHost());
      
       if ("http".equals(scheme) && httpPort != null)
       {
       sb.append(":");
       sb.append(httpPort);
       }
       else if ("https".equals(scheme) && httpsPort != null)
       {
       sb.append(":");
       sb.append(httpsPort);
       }
       else if (serverUrl.getPort() != -1)
       {
       sb.append(":");
       sb.append(serverUrl.getPort());
       }
      
       if (!url.startsWith("/")) sb.append("/");
      
       sb.append(url);
      
       url = sb.toString();
       }
       catch (MalformedURLException ex)
       {
       throw new RuntimeException(ex);
       }
       }
       }
       return url;
       }
      
      


        • 1. Re: HTTPS Scheme in pages.xml without httpsport or default p
          pmuir

          So create a custom Pages component that the extends the one in Seam and override the encodeScheme and make it apply the logic you want :)

          • 2. Re: HTTPS Scheme in pages.xml without httpsport or default p

            Funny :)

            I dont mind contributing code to the Seam project... i figured other may find the update useful as well, since a lot of websites with SSL dont always have a port number in the url.

            How would i go about registering my custom component with seam once i have it coded... If possible, can provide some info or links?

            Also, Is it possible for me to contribute code (since im a random person at this point)? How should i go about that?

            Thanks,
            Nik

            • 3. Re: HTTPS Scheme in pages.xml without httpsport or default p
              pmuir

               

              @Scope(ScopeType.APPLICATION)
              @BypassInterceptors
              @Name("org.jboss.seam.navigation.pages")
              @Install(precedence=BUILT_IN, classDependencies="javax.faces.context.FacesContext")
              public class MyPages extends Pages {
              ...
              public String encodeScheme(String viewId, FacesContext context, String url)
               {


              To contribute, create a JIRA issue, describe your use case and how you have solved it, and attach a patch in diff format.

              If we thinks it useful we will probably apply it straight away, otherwise it'll need some votes from users.

              • 4. Re: HTTPS Scheme in pages.xml without httpsport or default p

                Perfect!!

                Thanks
                Nik

                • 5. Re: HTTPS Scheme in pages.xml without httpsport or default p

                  Hmm.. we noticed another issue.

                  When the Loadbalancer has SSL but internally redirects the requst to a tomcat not on SSL (to avoid having SLL at every level in the internal restricted network) the Seam framework sends back 302 (page moved) for every request to the login-view-id page and we get an infinite loop of 302 location login-view-id.

                  If the tomcat has SSL setup, it works as expected.

                  Does the Seam framework explicitly check if the current host scheme is SSL even if the request URL is https?

                  Thanks,
                  Nik

                  • 6. Re: HTTPS Scheme in pages.xml without httpsport or default p

                    oh, for info for others... the precedence should be FRAMEWORK , not BUILT_IN. Using built gives and error indicating two components were defined with the same precedence.

                    From the source code for the Install annotation

                     /**
                     * Precedence of all built-in Seam components
                     */
                     public static final int BUILT_IN = 0;
                     /**
                     * Precedence to use for components of frameworks
                     * which extend Seam
                     */
                     public static final int FRAMEWORK = 10;
                     /**
                     * Predence of application components (the
                     * default precedence)
                     */
                     public static final int APPLICATION = 20;
                     /**
                     * Precedence to use for components which override
                     * application components in a particular deployment
                     */
                     public static final int DEPLOYMENT = 30;
                    
                     /**
                     * Precedence to use for mock objects in tests
                     */
                     public static final int MOCK = 40;
                    


                    Thanks All!
                    Nik