Martin, Have you tried setting the tapestry.secure-enabled symbol to "false" in your AppModule.java? That prevents Tapestry from redirecting to https (and you won't have to have @Secure annotations on your pages). On Feb 5, 2015 11:30 AM, "Norman Franke" <nor...@myasd.com> wrote:
> While not addressing your problem exactly, I have found issues with > cookies doing things like this. You try to login via HTTPS. Your session is > created as a secure cookie, and when you go back to regular HTTP after > login, you have no session cookie. I created a new, non-secure cookie, but > that’s definitely a hack and has some issues. I don’t use @Secure since I > could never get anything working correctly, and so redirect myself. > > You could try using something like nginx to do SSL to plan old tomcat > running in HTTP mode. Using the @Secure annotation will still cause > problems, since it will want to use HTTPS to / from tomcat. This would > likely work, but local users won’t benefit from HTTPS for login. However, > you could potentially us nginx to handle that as well, forcing HTTPS for a > specific URL. > > You may be able to use your own MetaDataLocator service to determine that > client IP address and decide there. Obviously if you are doing a reverse > proxy, the Http Request IP address won’t necessarily be the client’s IP > address, but most proxies add a header you could use. > > Norman Franke > Answering Service for Directors, Inc. > www.myasd.com > > > > On Feb 5, 2015, at 4:16 AM, Martin Nagl <mn...@mtbiker.sk> wrote: > > > Hi all, > > > > we have a Tapesty5 application deployed on Tomcat + Apache httpd. In > > production environment at our customer, the application should be > deployed > > / accessed like this: > > - Tomcat is running on a server in internal network on port 8080. > > - There is an Apache HTTP server with reverse proxy to Tomcat (AJP) > > accessible from the internet on port 80. > > - Internal users should access the application on Tomcat directly > without > > https on http://servername.intranet.customer.sk:8080/appname/login > > - External users should access the application through Apache httpd, > with > > https, on https://apps.customer.sk/appname/login > > > > 1. Initiallly, I had no @Secure annotations on my pages. The application > > worked correctly from internal network, but not from internet. From > > internet, I could access the login page through https, but after submit, > I > > get somehow redirected to http which ends with server error: Your browser > > sent a request that this server could not understand. > > Reason: You're speaking plain HTTP to an SSL-enabled server port. > > Instead use the HTTPS scheme to access this URL, please. > > > > 2. I have annotated all my pages with @Secure. The aplication now works > > correctly from internet, but not from internal network. From internal > > network, I can access > > http://servername.intranet.customer.sk:8080/appname/login but I get > > redirected to https at > > https://servername.intranet.customer.sk:8080/appname/login. - This is > not > > desired, I would like the application to continue in http mode. > > > > Is this setup possible with a Tapestry5 application (a single deployed > > instance)? > > Is there some way to tell Tapestry "If you're accessed through https, > then > > serve all pages through https, else if you're accessed through http, then > > serve all pages through http"? > > > > Thanks > > Regards > > Martin > >
