Re: HTTPS not working with InjectPage or Class

Fri, 14 Apr 2017 23:09:08 -0700 

This is getting urgent! Can someone tell me what handles the return types from 
an event handler? I urgently have to fix it to ensure it returns HTTPS.

BTW, I have a custom BaseURLSource in AppModule:

         public static void 
contributeServiceOverride(@SuppressWarnings("rawtypes") 
MappedConfiguration<Class, Object> configuration) {
                 configuration.add(BaseURLSource.class, new 
ConfiguredBaseURLSource());
         }

and I’ve determined that every time it is called it returns an https URL. It is 
NOT called when the 2 event handlers of my example are involved, which seems a 
bit odd.

Geoff

> On 14 Apr 2017, at 11:17 AM, JumpStart <[email protected]> 
> wrote:
> 
> Hi,
> 
> I’ve found 2 situations where an HTTP URL is returned despite having set the 
> whole application to “secure”. 
> 
> * The 2 event handlers below are not correct - they return HTTP URLs (in, of 
> course, a 302 redirect), not HTTPS URLs.
> 
> public class Page1 {
> 
>       @InjectPage
>       private Page2 page2;
> 
>       Object onToPage2InjectPage() {
>               return page2;
>       }
> 
>       Object onToPage2Class() {
>               return Page2.class;
>       }
> 
> }
> 
> * Whereas PageLink and EventLink are correct - in Page1 they generated HTTPS 
> URLs.
> 
> <body>
>       <h1>Page 1</h1>
>       
>       <t:pagelink page="page2">To Page 2 (PageLink)</t:pagelink>
>       <p/>
>       <t:eventlink event="toPage2InjectPage">To Page 2 
> (InjectPage)</t:eventlink>
>       <p/>
>       <t:eventlink event="toPage2Class">To Page 2 (Class)</t:eventlink>
> </body>
> 
> This DID work in my previous setup, which was Apache virtual host on port 
> 443, handling the SSL, and proxying via AJP to Tapestry in Wildfly on port 
> 8009.
> 
> What’s changed is that I’ve put an AWS ALB (Application Load Balancer) in 
> front of Apache. ALB handles the SSL, forwards to Apache on port 80, which 
> proxies via AJP to Tapestry in Wildfly on port 8009.
> 
> I think the HTTP headers on the requests are all intact. But even if they 
> aren’t, shouldn’t the following configuration guarantee that the event 
> handlers shown above return HTTPS URLs?
> 
>       public void contributeMetaDataLocator(MappedConfiguration<String, 
> String> configuration) {
>               configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>       }
> 
> I saw an earlier post that suggested doing the following, but it had the same 
> result:
> 
>       public static void 
> contributeApplicationDefaults(MappedConfiguration<String, String> 
> configuration) {
>               configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>       }
> 
> Regards,
> 
> Geoff
>

Reply via email to