[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1024) Switching to HTTPS using scheme attribute does not work for custom http and https ports

H K (JIRA) jira-events at lists.jboss.org
Sat Mar 10 15:24:46 EST 2007


Switching to HTTPS using scheme attribute does not work for custom http and https ports
---------------------------------------------------------------------------------------

                 Key: JBSEAM-1024
                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1024
             Project: JBoss Seam
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.2.0.GA, 1.1.7.CR1
            Reporter: H K
            Priority: Minor


If you use custom http and https ports (say, 8080, 8443), the switching to https does not work using the 'scheme' attribute in the pages.xml.  The reason is that in Pages.encodeScheme() the server port is calculated by looking at the request url, this port will be 8080, while the correct port that needs to be in the new url should be 8443.

Also, it would be great if the documentation could be updated to include a warning for people with proxied environments.  That is, depending on how your proxied environment is setup, using scheme might result in an infinity redirect loop. Here is how this could happen:  lets say you have a webserver that can handle both http and https, however, this webserver can only talk http with the appserver. Now, if you mark a page such as 'login.xhtml' with scheme = https, then if the user types https://www.somedomain.com/login.seam, the webserver will be sending http://www.somedomain.com/login.seam to the appserver. When Seam looks at it, it will ask the browser to redirect to https again, resulting in an infinity redirect loop.  
Should I open a different JIRA issue for the documentation update?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list