Hi, couldn't it be related to the servlet container config? As far as I remember tapestry uses information provided by the servlet container [1] to determinate if a given request is happening over a secure connection or not. So you might want to double check your container config. Assuming you're using Tomcat see [2] (secure and scheme parameter)
Moreover the redirect loop you're experiencing make me think you're running behind an http server... Are you're handling the S in httpd? In this case you obviously need two tomcat (or whatever) endpoints (one secure=true the other secure=false), as the container hasn't access to the original (un)secured connection so it can't provide the this info to Tapestry. Luca [1] https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() and https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html ----- Original Message ----- > From: "Ben Titmarsh" <ben.titma...@hotmail.co.uk> > To: "Tapestry users" <users@tapestry.apache.org> > Sent: Wednesday, February 18, 2015 6:45:18 PM > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > That's right and if I don't add > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links to > @Secure pages are generated with port 80 too. Not sure why that is.. > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > From: gchrist...@cardaddy.com > > To: users@tapestry.apache.org > > > > My bad Ben, I was thinking this was something related to Tapestry-Security > > when I seen your login url example. > > > > So your saying your capable of accessing the pages directly with https:// > > without the use of @Secure, but with @Secure it puts you in an infinite > > loop while trying to access the page? > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh <ben.titma...@hotmail.co.uk> > > wrote: > > > > > Hi George, > > > > > > I don't have that property set to anything. My login page is just called > > > "login" though! This problem is also happening on other pages that I > > > have > > > marked as secure, for example "register". > > > > > > Links aside I can't even hit those pages without getting caught in a > > > redirect loop, but I can happily hit any other page over https that does > > > not have the @Secure annotation. I've been looking around trying to find > > > a > > > filter or something in the Tapestry source that uses this @Secure > > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > > that's worth. > > > > > > Thanks, > > > Ben. > > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > From: gchrist...@cardaddy.com > > > > To: users@tapestry.apache.org > > > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure the > > > same > > > > page your LOGIN_URL is set to right? > > > > > > > > Example > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > > ben.titma...@hotmail.co.uk> > > > > wrote: > > > > > > > > > Hey Guys, > > > > > > > > > > I've just got my web server set up for SSL and it's working, but am > > > > > experiencing some odd behaviour from Tapestry. I've added the > > > > > @Secure > > > > > annotation to one of my pages but by default the link is generated > > > thus: > > > > > > > > > > https://[DOMAIN]:80/login > > > > > > > > > > I tried adding: > > > > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > > > > > The link is now generated correctly like this (without a port): > > > > > > > > > > https://[DOMAIN]/login > > > > > > > > > > However when I hit that link, it gets caught in an infinite 302 > > > redirect > > > > > loop. > > > > > > > > > > I can quite happily hit any page without the @Secure annotation over > > > https > > > > > and it loads fine. > > > > > > > > > > Any pointers? > > > > > > > > > > Thanks, > > > > > Ben. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > George Christman > > > > CEO > > > > www.CarDaddy.com > > > > P.O. Box 735 > > > > Johnstown, New York > > > > > > > > > > > > > > -- > > George Christman > > CEO > > www.CarDaddy.com > > P.O. Box 735 > > Johnstown, New York > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
