My bad Ben, I was thinking this was something related to Tapestry-Security when I seen your login url example.
So your saying your capable of accessing the pages directly with https:// without the use of @Secure, but with @Secure it puts you in an infinite loop while trying to access the page? On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh <ben.titma...@hotmail.co.uk> wrote: > Hi George, > > I don't have that property set to anything. My login page is just called > "login" though! This problem is also happening on other pages that I have > marked as secure, for example "register". > > Links aside I can't even hit those pages without getting caught in a > redirect loop, but I can happily hit any other page over https that does > not have the @Secure annotation. I've been looking around trying to find a > filter or something in the Tapestry source that uses this @Secure > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > that's worth. > > Thanks, > Ben. > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > From: gchrist...@cardaddy.com > > To: users@tapestry.apache.org > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > same > > page your LOGIN_URL is set to right? > > > > Example > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > ben.titma...@hotmail.co.uk> > > wrote: > > > > > Hey Guys, > > > > > > I've just got my web server set up for SSL and it's working, but am > > > experiencing some odd behaviour from Tapestry. I've added the @Secure > > > annotation to one of my pages but by default the link is generated > thus: > > > > > > https://[DOMAIN]:80/login > > > > > > I tried adding: > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > The link is now generated correctly like this (without a port): > > > > > > https://[DOMAIN]/login > > > > > > However when I hit that link, it gets caught in an infinite 302 > redirect > > > loop. > > > > > > I can quite happily hit any page without the @Secure annotation over > https > > > and it loads fine. > > > > > > Any pointers? > > > > > > Thanks, > > > Ben. > > > > > > > > > > > > > -- > > George Christman > > CEO > > www.CarDaddy.com > > P.O. Box 735 > > Johnstown, New York > > -- George Christman CEO www.CarDaddy.com P.O. Box 735 Johnstown, New York
