[jboss-user] [JBoss Seam] - Re: HTTPS redirection

werner23 do-not-reply at jboss.com
Tue Feb 5 07:14:08 EST 2008


"matt.drees" wrote : 
  | 
  | This is what we're planning to do.  I haven't tested it yet (don't have an SSL cert set up yet), but I think it should work.  I'll report back if it doesn't.
  | 
  | We use BIG-IP for load balancing and SSL decryption.  For SSL requests, we've configured it to add a specific request header.  I haven't tested this, but I think we only need to override Request.getScheme(), and not Request.getRequestURL().
  | 
  | 
  |   | 
  |   | @Name("bigIpSslFilter")
  |   | @Scope(ScopeType.APPLICATION)
  |   | @BypassInterceptors
  |   | @org.jboss.seam.annotations.web.Filter
  |   | public class BigIpSslFilter implements Filter {
  |   | 
  |   | 	public void destroy() {
  |   | 	}
  |   | 
  |   | 	public void doFilter(ServletRequest request, ServletResponse response,
  |   | 			FilterChain filterChain) throws IOException, ServletException {
  |   | 		if (request instanceof HttpServletRequest) {
  |   | 			filterChain.doFilter(new BigIpSslRequest((HttpServletRequest) request), response);
  |   | 		} else {
  |   | 			filterChain.doFilter(request, response);
  |   | 		}
  |   | 	}
  |   | 
  |   | 	public void init(FilterConfig filterConfig) throws ServletException {
  |   | 	}
  |   | 
  |   | 	public static class BigIpSslRequest extends HttpServletRequestWrapper {
  |   | 
  |   | 		public BigIpSslRequest(HttpServletRequest request) {
  |   | 			super(request);
  |   | 		}
  |   | 		
  |   | 		@Override
  |   | 		public String getScheme() {
  |   | 			String forwardedScheme = getRequest().getHeader("HTTP_X_FORWARDED_PROTO");
  |   | 			if (forwardedScheme != null && forwardedScheme.equals("https")) {
  |   | 				return "https";
  |   | 			}
  |   | 			return super.getScheme();
  |   | 		}
  |   | 		
  |   | 		@Override
  |   | 		public HttpServletRequest getRequest() {
  |   | 			return (HttpServletRequest) super.getRequest();
  |   | 		}
  |   | 	}
  |   | }
  |   | 
  | 
  | (btw, it's the same header that Rails looks for to determine proxied https requests, since we also have some Rails apps)

Sorry Matt, but your filter doesn't actually work, because Seam doesn't use the getScheme() method of the ServletRequest. This one works:


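  | import java.io.IOException;
  | 
  | import javax.servlet.FilterChain;
  | import javax.servlet.FilterConfig;
  | import javax.servlet.ServletException;
  | import javax.servlet.ServletRequest;
  | import javax.servlet.ServletResponse;
  | import javax.servlet.http.HttpServletRequest;
  | import javax.servlet.http.HttpServletRequestWrapper;
  | 
  | import org.jboss.seam.ScopeType;
  | import org.jboss.seam.annotations.Name;
  | import org.jboss.seam.annotations.Scope;
  | import org.jboss.seam.annotations.intercept.BypassInterceptors;
  | import org.jboss.seam.annotations.web.Filter;
  | import org.jboss.seam.web.AbstractFilter;
  | 
  | @Name("forwardedHttpsDecoderFilter")
  | @Scope(ScopeType.APPLICATION)
  | @BypassInterceptors
  | @Filter
  | public class ForwardedHttpsDecoderFilter extends AbstractFilter {
  | 
  |   // Request header the load balancer adds for SSL requests
  |   public static final String HEADER_HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO";
  | 
  |   // Wrapper that reports an https:// request URL for requests forwarded as SSL
  |   public static class SslRequest extends HttpServletRequestWrapper {
  | 
  |     public SslRequest(HttpServletRequest request) {
  |       super(request);
  |     }
  | 
  |     @Override
  |     public HttpServletRequest getRequest() {
  |       return (HttpServletRequest) super.getRequest();
  |     }
  | 
  |     @Override
  |     public StringBuffer getRequestURL() {
  |       StringBuffer requestURL = super.getRequestURL();
  |       // Rewrite only the scheme prefix; host, port and path are left untouched
  |       if (requestURL.indexOf("http://") == 0) {
  |         requestURL.replace(0, 7, "https://");
  |       }
  |       return requestURL;
  |     }
  |   }
  | 
  |   public void doFilter(ServletRequest request, ServletResponse response,
  |                        FilterChain filterChain) throws IOException, ServletException {
  | 
  |     // Wrap the request only when the header says the original request was https
  |     if (request instanceof HttpServletRequest) {
  |       String forwardedScheme = ((HttpServletRequest) request).getHeader(HEADER_HTTP_X_FORWARDED_PROTO);
  |       if (forwardedScheme != null && forwardedScheme.equals("https")) {
  |         request = new SslRequest((HttpServletRequest) request);
  |       }
  |     }
  |     filterChain.doFilter(request, response);
  |   }
  | 
  |   public void destroy() {
  |   }
  | 
  |   public void init(FilterConfig filterConfig) throws ServletException {
  |   }
  | }
  | 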
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126531#4126531

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4126531
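
Both filters in this thread act on the forwarded-scheme header whoever sent it, and a request header is client-supplied unless the proxy overwrites it. The following is an added example, not code from either poster or from Seam: a plain servlet filter that honours the header only when the direct peer is a configured proxy address. The class name, the `trustedProxies` init-param, the sample addresses and the use of `getRemoteAddr()` as the trust check are assumptions.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example: honour the forwarded-scheme header only from configured proxy addresses.
public class TrustedProxyHttpsFilter implements Filter {
  static final String HEADER = "HTTP_X_FORWARDED_PROTO"; // header name as used in the thread
  private final Set<String> trustedProxies = new HashSet<String>();

  // Assumption: a hypothetical "trustedProxies" init-param holds the balancer's
  // addresses as a comma-separated list, e.g. "192.0.2.10,192.0.2.11" (constructed).
  public void init(FilterConfig cfg) throws ServletException {
    String list = cfg.getInitParameter("trustedProxies");
    if (list == null) throw new ServletException("trustedProxies init-param is required");
    for (String addr : list.split(",")) trustedProxies.add(addr.trim());
  }

  // True only when the direct peer is a configured proxy and it reported https.
  static boolean forwardedAsHttps(String peer, String header, Set<String> trusted) {
    return trusted.contains(peer) && "https".equalsIgnoreCase(header);
  }

  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    if (req instanceof HttpServletRequest) {
      HttpServletRequest http = (HttpServletRequest) req;
      if (forwardedAsHttps(http.getRemoteAddr(), http.getHeader(HEADER), trustedProxies)) {
        req = new HttpsRequest(http);
      }
    }
    chain.doFilter(req, res);
  }
  public void destroy() {}

  // Presents the request as HTTPS consistently: scheme, secure flag and URL.
  static class HttpsRequest extends HttpServletRequestWrapper {
    HttpsRequest(HttpServletRequest request) { super(request); }
    @Override public String getScheme() { return "https"; }
    @Override public boolean isSecure() { return true; }
    @Override public StringBuffer getRequestURL() {
      StringBuffer url = super.getRequestURL();
      if (url.indexOf("http://") == 0) url.replace(0, 7, "https://");
      return url;
    }
  }
}
```

The balancer should also strip or overwrite any copy of the header that arrives from the client, so the value the filter reads is always the one the balancer set.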


