Re: Same page secured and unsecured

Mon, 28 Oct 2013 00:46:44 -0700 

Thanks Lenny that is exactly it and the solution works great.
Agree with the bug poster and would vote for the issue if it weren't closed already. 

p.

On 28/10/2013 6:05 PM, Lenny Primak wrote:

I think you are running into this issue:
https://issues.apache.org/jira/browse/TAP5-2080
Seems due to political issues it will not be fixed,
But the workaround in the issue should work for you.
I feel your pain because I had to implement a similar workaround as well.


On Oct 28, 2013, at 2:35 AM, Paul Stanton <p...@mapshed.com.au> wrote:

Sorry for the thread revival, however I am coming up against the same problem.

I have a page needs to be served via https for some customers and http for 
others.

If I request the page via https without the @Secure annotation, all ajax event 
urls are incorrectly altered to:
http://domain:443/app/page:event
- both the protocol and port are incorrect in this case.

If I request the page via https with the @Secure annotation, ajax event urls 
are correctly altered to:
https://domain/app/page:event

Another problem is, when requesting the page via http with the @Secure 
annotation redirect incorrectly to https:
https://domain:80/app/page 
<https://maps.vodafone.com.au:80/VHAMap-stage/publiccoverage/public-vf>
- not sure why port 80 is added, it is not needed in our config.


So my question is, how can I achieve the behaviour of @Secure dynamically and 
only if the request is made over https?

Thanks, Paul.


On 28/06/2012 10:20 PM, Thiago H de Paula Figueiredo wrote:

On Thu, 28 Jun 2012 03:52:24 -0300, Henrik von Schlanbusch <hen...@enovate.no> 
wrote:

Hi

Hi!


Is it possible to have the same page secured and not secured?
I have a page now that need to be accessed via https.
Consequently I have annotated it with @Secure.

You misuderstood @Secure. You don't need it in a page so it can be accessed though HTTPS. 
@Secure guarantees that the page is only requested through HTTPS, redirecting if needed. 
From the @Secure JavaDoc: "A marker annotation that indicates that the page in 
question may only be accessed via HTTPS."

Just remove @Secure and it will work with HTTP and HTTPS.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to