While not addressing your problem exactly, I have found issues with cookies doing things like this. You try to log in via HTTPS. Your session is created as a secure cookie, and when you go back to regular HTTP after login, you have no session cookie. I created a new, non-secure cookie, but that’s definitely a hack and has some issues. I don’t use @Secure since I could never get anything working correctly, and so redirect myself.

You could try using something like nginx to do SSL to plain old tomcat running in HTTP mode. Using the @Secure annotation will still cause problems, since it will want to use HTTPS to / from tomcat. This would likely work, but local users won’t benefit from HTTPS for login. However, you could potentially use nginx to handle that as well, forcing HTTPS for a specific URL.

You may be able to use your own MetaDataLocator service to determine the client IP address and decide there. Obviously if you are doing a reverse proxy, the Http Request IP address won’t necessarily be the client’s IP address, but most proxies add a header you could use.

Norman Franke
Answering Service for Directors, Inc.
www.myasd.com

On Feb 5, 2015, at 4:16 AM, Martin Nagl <mn...@mtbiker.sk> wrote:

> Hi all,
>
> we have a Tapestry5 application deployed on Tomcat + Apache httpd. In
> production environment at our customer, the application should be deployed
> / accessed like this:
> - Tomcat is running on a server in internal network on port 8080.
> - There is an Apache HTTP server with reverse proxy to Tomcat (AJP)
> accessible from the internet on port 80.
> - Internal users should access the application on Tomcat directly without
> https on http://servername.intranet.customer.sk:8080/appname/login
> - External users should access the application through Apache httpd, with
> https, on https://apps.customer.sk/appname/login
>
> 1. Initially, I had no @Secure annotations on my pages. The application
> worked correctly from internal network, but not from internet. From
> internet, I could access the login page through https, but after submit, I
> get somehow redirected to http which ends with server error: Your browser
> sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
>
> 2. I have annotated all my pages with @Secure. The application now works
> correctly from internet, but not from internal network. From internal
> network, I can access
> http://servername.intranet.customer.sk:8080/appname/login but I get
> redirected to https at
> https://servername.intranet.customer.sk:8080/appname/login. - This is not
> desired, I would like the application to continue in http mode.
>
> Is this setup possible with a Tapestry5 application (a single deployed
> instance)?
> Is there some way to tell Tapestry "If you're accessed through https, then
> serve all pages through https, else if you're accessed through http, then
> serve all pages through http"?
>
> Thanks
> Regards
> Martin
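
The header-based decision suggested in the reply above, as an added example (not code from this thread or from Tapestry): forwarding headers are honoured only when the TCP peer is a reverse proxy you operate, so an internal user connecting to Tomcat directly cannot forge them. It assumes the proxy sets `X-Forwarded-For` and `X-Forwarded-Proto`; the class, the method and the `10.0.0.5` proxy address are hypothetical.

```java
import java.util.Set;

// Added example: derive client IP and HTTPS status behind a reverse proxy.
public class ForwardedRequest {
    public record Result(String clientIp, boolean secure) {}

    /**
     * @param remoteAddr   TCP peer address seen by the servlet container
     * @param directSecure whether the container itself received the request over TLS
     * @param xff          X-Forwarded-For header value, or null
     * @param xfProto      X-Forwarded-Proto header value, or null
     * @param trusted      addresses of reverse proxies we operate (assumption)
     */
    public static Result resolve(String remoteAddr, boolean directSecure,
                                 String xff, String xfProto, Set<String> trusted) {
        // Forwarding headers are client-controlled unless our own proxy set them.
        if (!trusted.contains(remoteAddr)) {
            return new Result(remoteAddr, directSecure);
        }
        String client = remoteAddr;
        if (xff != null && !xff.isBlank()) {
            String[] hops = xff.split(",");
            // Walk right to left: the rightmost entries were appended by our proxies;
            // anything left of the first untrusted hop may be client-supplied.
            for (int i = hops.length - 1; i >= 0; i--) {
                String hop = hops[i].trim();
                if (hop.isEmpty()) continue;
                client = hop;
                if (!trusted.contains(hop)) break;
            }
        }
        boolean viaTls = xfProto != null && "https".equalsIgnoreCase(xfProto.trim());
        return new Result(client, directSecure || viaTls);
    }

    public static void main(String[] args) {
        Set<String> proxies = Set.of("10.0.0.5"); // constructed proxy address
        // External user via the proxy, with a spoofed leftmost X-Forwarded-For entry.
        System.out.println(resolve("10.0.0.5", false, "1.2.3.4, 203.0.113.7", "https", proxies));
        // Internal user hitting Tomcat directly while forging both headers.
        System.out.println(resolve("192.168.1.20", false, "203.0.113.7", "https", proxies));
    }
}
```

The `secure` result is the value to use when choosing the link scheme and the session cookie's Secure flag for that request.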