Adding a sign-in page served over HTTP but authenticating using HTTPS
Page edited by Ernesto Reinaldo Barreiro
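Full Content

Adding a sign-in page served over HTTP but authenticating using HTTPS

On this wiki page we explain how to create a page (e.g. a public page of a site) served over HTTP but containing a sign in form that uses HTTPs for authentication. The code we show is valid for 1.4.x branch. We start creating a subclass of Form

import org.apache.wicket.RequestCycle;
import org.apache.wicket.markup.ComponentTag;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.model.IModel;
import org.apache.wicket.protocol.http.RequestUtils;

/**
 * Form whose {@code action} attribute is rewritten to an absolute {@code https://} URL, so the
 * submission goes over HTTPS even when the page holding the form was served over HTTP.
 *
 * <p>Security note: only the submission is protected. The page that carries the form is still
 * delivered over plain HTTP, so its markup (including this {@code action} attribute) has no
 * integrity protection in transit and can be altered before the user submits. Serving the
 * sign-in page itself over HTTPS closes that gap; treat this class as a fallback for sites that
 * cannot do so.
 */
public class SecureForm<T> extends Form<T> {

    private static final long serialVersionUID = 1L;

    private static final String HTTP_PREFIX = "http://";
    private static final String HTTPS_PREFIX = "https://";

    /**
     * Constructor.
     *
     * @param id See Component
     */
    public SecureForm(String id) {
        super(id);
    }

    /**
     * @param id See Component
     * @param model See Component
     *
     * @see org.apache.wicket.Component#Component(String, IModel)
     */
    public SecureForm(String id, IModel<T> model) {
        super(id, model);
    }

    /**
     * Replaces the form's {@code action} attribute with an absolute HTTPS URL.
     *
     * @param tag the form tag being rendered
     */
    @Override
    protected void onComponentTag(ComponentTag tag) {
        super.onComponentTag(tag);

        // NOTE(review): the published listing is garbled at the three assignments below (their
        // right-hand sides were lost in extraction). They are reconstructed here from the
        // imported RequestUtils and the otherwise-unused replacePort helper; confirm against
        // the original wiki page.
        String action = tag.getAttributes().getString("action");
        if (action == null) {
            // Nothing to rewrite; leave the tag as the superclass rendered it.
            return;
        }

        // Compare against the full scheme prefix so a relative path that merely begins with
        // the letters "http" is still made absolute.
        if (!action.startsWith(HTTP_PREFIX) && !action.startsWith(HTTPS_PREFIX)) {
            action = RequestUtils.toAbsolutePath(action);
        }

        // rewrite action to use HTTPs
        if (action.startsWith(HTTP_PREFIX)) {
            action = replacePort(HTTPS_PREFIX + action.substring(HTTP_PREFIX.length()));
        }
        tag.put("action", action);
    }

    /**
     * Swaps the configured HTTP port for the configured HTTPS port in the given URL.
     *
     * <p>Only an explicit {@code :port/} segment is replaced. A URL that carries no explicit
     * port is returned unchanged, so a non-default HTTPS port is not added in that case.
     *
     * @param action absolute URL to adjust
     * @return the URL with the HTTP port replaced by the HTTPS port
     */
    private String replacePort(String action) {
        RequestCycle requestCycle = RequestCycle.get();
        SecureHttpsRequestCycleProcessor processor =
            (SecureHttpsRequestCycleProcessor) requestCycle.getProcessor();
        int httpPort = processor.getConfig().getHttpPort();
        int httpsPort = processor.getConfig().getHttpsPort();
        // String is immutable: the result of replace() must be returned, not discarded.
        return action.replace(":" + httpPort + "/", ":" + httpsPort + "/");
    }
}

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.protocol.http.BufferedWebResponse;
import org.apache.wicket.protocol.http.WebRequest;
import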
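org.apache.wicket.util.string.Strings;
import es.liberty.paneuropeo.web.https.SwitchProtocolRequestTarget.Protocol;

/**
 * Buffered response that encodes URLs as absolute {@code http://} URLs when the current request
 * arrived over HTTPS and is a {@code SecureServletWebRequest} flagged to use absolute URLs.
 * All other URLs are encoded by the superclass unchanged.
 *
 * <p>Security note: links on a page rendered in response to an HTTPS request are pointed back
 * at plain HTTP. If the session established by the HTTPS sign-in is then used over HTTP, its
 * session cookie travels unencrypted and cannot be restricted with the {@code Secure} flag.
 * Keeping the authenticated part of the site on HTTPS avoids this.
 *
 * @author Ernesto Reinaldo Barreiro
 */
public class SecureBufferedWebResponse extends BufferedWebResponse {

    /**
     * @param httpServletResponse the servlet response to wrap
     */
    public SecureBufferedWebResponse(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
    }

    /**
     * Encodes the URL, first making it an absolute HTTP URL when the current request is an
     * HTTPS request flagged to use absolute URLs.
     *
     * @param url the URL to encode
     * @return the encoded URL
     */
    @Override
    public CharSequence encodeURL(CharSequence url) {
        RequestCycle requestCycle = RequestCycle.get();
        WebRequest webRequest = (WebRequest) requestCycle.getRequest();

        boolean useAbsoluteUrl = (webRequest instanceof SecureServletWebRequest)
            && ((SecureServletWebRequest) webRequest).isUseAbsoluteURL();
        if (!useAbsoluteUrl) {
            return super.encodeURL(url);
        }

        HttpServletRequest request = webRequest.getHttpServletRequest();
        // Case-insensitive comparison avoids a locale-dependent toLowerCase() call.
        boolean isHttps = Protocol.HTTPS.name().equalsIgnoreCase(request.getScheme());
        if (!isHttps) {
            return super.encodeURL(url);
        }

        SecureHttpsRequestCycleProcessor processor =
            (SecureHttpsRequestCycleProcessor) requestCycle.getProcessor();
        // The default HTTP port is omitted from the generated URL.
        Integer port = null;
        if (processor.getConfig().getHttpPort() != 80) {
            port = processor.getConfig().getHttpPort();
        }
        String absUrl = getUrl("http", port, request, url.toString());
        return super.encodeURL(absUrl);
    }

    /**
     * Rewrite the url using the specified protocol
     *
     * @param protocol scheme to use, without the {@code ://} separator
     * @param port port to include, or {@code null} to omit it
     * @param request current servlet request; supplies the server name and request URI
     * @param queryString URL or query string to append; may be {@code null}
     * @return url
     */
    protected String getUrl(String protocol, Integer port, HttpServletRequest request,
        String queryString) {
        // The null check comes first: the original tested startsWith() before testing for
        // null, so a null argument failed before the later null check could be reached.
        if (queryString != null
            && (queryString.startsWith("http://") || queryString.startsWith("https://"))) {
            // Already absolute; leave untouched.
            return queryString;
        }

        StringBuilder result = new StringBuilder();
        result.append(protocol).append("://");
        // NOTE(review): getServerName() commonly reflects the request's Host header, so the
        // generated absolute links follow whatever host the client sent; confirm the
        // container or front-end restricts accepted host names.
        result.append(request.getServerName());
        if (port != null) {
            result.append(':').append(port);
        }
        result.append(request.getRequestURI());

        if (queryString != null) {
            if (queryString.indexOf("../") >= 0) {
                // NOTE(review): "../" segments are stripped and the remainder is appended to
                // the current request URI without a separator; this changes which path a
                // parent-relative URL resolves to. Kept as published; confirm it is intended.
                queryString = Strings.replaceAll(queryString, "../", "").toString();
            } else if (!queryString.startsWith("?")) {
                result.append("?");
            }
            result.append(queryString);
        }
        return result.toString();
    }
}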
