Adding a sign-in page served over HTTP but authenticating using HTTPS
Page edited by Ernesto Reinaldo Barreiro
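/*
 * On this wiki page we explain how to create a page (e.g. a public page of a site)
 * served over HTTP but containing a sign-in form that uses HTTPS for authentication.
 * The code we show is valid for the 1.4.x branch.
 */
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.wicket.RequestCycle;
import org.apache.wicket.protocol.http.BufferedWebResponse;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.util.string.Strings;

import es.liberty.paneuropeo.web.https.SwitchProtocolRequestTarget.Protocol;

/**
 * Buffered response that, while an HTTPS request is being served, rewrites the URLs it
 * encodes into absolute {@code http://} URLs. The rewrite only happens when the current
 * request is a {@code SecureServletWebRequest} with {@code isUseAbsoluteURL()} set;
 * otherwise encoding is delegated unchanged to {@link BufferedWebResponse}.
 *
 * <p>{@code SecureServletWebRequest} and {@code SecureHttpsRequestCycleProcessor} are
 * referenced without an import, so they are expected in this class's package; they are
 * not shown on this page.
 *
 * <p>NOTE(review): a sign-in form delivered over plain HTTP is not integrity-protected,
 * so the HTTPS submit target gives no assurance that the form the user sees is the one
 * the server sent. Serving the page that contains the form over HTTPS (and enabling
 * HSTS) closes that gap.
 *
 * <p>NOTE(review): links rewritten to {@code http://} take the browser back to HTTP
 * after authentication. Whether the session cookie then travels in clear text depends
 * on cookie configuration not shown here; confirm it is marked {@code Secure} or that
 * the authenticated session is never reused over HTTP.
 *
 * @author Ernesto Reinaldo Barreiro
 */
public class SecureBufferedWebResponse extends BufferedWebResponse {

    /**
     * @param httpServletResponse the servlet response to wrap
     */
    public SecureBufferedWebResponse(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
    }

    /**
     * Encodes {@code url}, first turning it into an absolute {@code http://} URL when the
     * current request arrived over HTTPS and asked for absolute URLs.
     *
     * @param url the URL to encode; {@code null} is passed straight to the superclass
     * @return the encoded URL as produced by {@link BufferedWebResponse#encodeURL}
     */
    @Override
    public CharSequence encodeURL(CharSequence url) {
        // Guard: the rewrite path below calls url.toString().
        if (url == null) {
            return super.encodeURL(url);
        }

        RequestCycle requestCycle = RequestCycle.get();
        WebRequest webRequest = (WebRequest) requestCycle.getRequest();
        if (!(webRequest instanceof SecureServletWebRequest)
                || !((SecureServletWebRequest) webRequest).isUseAbsoluteURL()) {
            return super.encodeURL(url);
        }

        HttpServletRequest request = webRequest.getHttpServletRequest();
        // Case-insensitive and null-safe comparison with the scheme name; avoids the
        // default-locale toLowerCase() call.
        if (!Protocol.HTTPS.name().equalsIgnoreCase(request.getScheme())) {
            return super.encodeURL(url);
        }

        SecureHttpsRequestCycleProcessor processor =
                (SecureHttpsRequestCycleProcessor) requestCycle.getProcessor();
        int httpPort = processor.getConfig().getHttpPort();
        // The default HTTP port is left out of the generated URL.
        Integer port = null;
        if (httpPort != 80) {
            port = Integer.valueOf(httpPort);
        }

        String absUrl = getUrl("http", port, request, url.toString());
        return super.encodeURL(absUrl);
    }

    /**
     * Rewrites a URL as an absolute URL using the specified protocol and port.
     *
     * @param protocol scheme to place in front of {@code ://}
     * @param port port to append after the host, or {@code null} to omit it
     * @param request current request; supplies the server name and the request URI
     * @param queryString URL or query string to append; returned unchanged when it is
     *        already an absolute {@code http://} or {@code https://} URL, and skipped
     *        when {@code null}
     * @return the absolute URL
     */
    protected String getUrl(String protocol, Integer port, HttpServletRequest request,
            String queryString) {
        // Match the full scheme prefix so that a relative URL that merely begins with
        // the letters "http" is still rewritten; null is tolerated here because the
        // code below already treats it as "nothing to append".
        if (queryString != null
                && (queryString.startsWith("http://") || queryString.startsWith("https://"))) {
            return queryString;
        }

        StringBuilder result = new StringBuilder();
        result.append(protocol).append("://");
        // NOTE(review): getServerName() normally reflects the Host header sent by the
        // client, so the absolute URL inherits whatever host was requested unless the
        // container or a fronting proxy pins it. Prefer a configured host name if one
        // is available.
        result.append(request.getServerName());
        if (port != null) {
            result.append(':').append(port);
        }
        result.append(request.getRequestURI());

        if (queryString != null) {
            if (queryString.indexOf("../") >= 0) {
                // Drops parent-directory segments from the relative URL. In this branch
                // no "?" separator is inserted, as in the original code.
                // NOTE(review): if Strings.replaceAll makes a single pass, overlapping
                // sequences can leave a "../" behind; this is URL munging, not a
                // traversal defence.
                queryString = Strings.replaceAll(queryString, "../", "").toString();
            } else if (!queryString.startsWith("?")) {
                result.append("?");
            }
            result.append(queryString);
        }
        return result.toString();
    }
}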
