[
https://issues.apache.org/jira/browse/WICKET-5129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Urberg updated WICKET-5129:
-------------------------------
Description:
I'm having an issue with HttpsMapper not switching to SSL when there is no
JSESSIONID cookie. It's happening with wicket-auth-roles when the user goes to
the home page, which need authentication. I have this code in my init method
in my WebApplication class.
getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
{
@Override
public <T extends IRequestableComponent> boolean
isInstantiationAuthorized(Class<T> componentClass)
{
if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
{
if (MyAuthenticatedWebSession.get().isSignedIn())
return true;
throw new RestartResponseAtInterceptPageException(new LoginPage());
}
return true;
}
@Override
public boolean isActionAuthorized(Component component, Action action)
{
return true;
}
});
HomePage implements AuthenticatedWebPage and LoginPage has the @RequireHttps
annotation. This only seems to happen when there is no JSESSIONID cookie. The
URL looks like this:
http://localhost:8080/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
when it should be https://localhost:8443/login. If I try it a second time
after the cookie has been created it works fine. This is not a problem when I
go straight to http://localhost:8080/login (works fine then).
was:
I'm having an issue with HttpsMapper not switching to SSL when there is no
JSESSIONID cookie. It's happening with wicket-auth-roles when the user goes to
the home page, which need authentication. I have this code in my init method
in my WebApplication class.
getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
{
@Override
public <T extends IRequestableComponent> boolean
isInstantiationAuthorized(Class<T> componentClass)
{
if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
{
if (MyAuthenticatedWebSession.get().isSignedIn())
return true;
throw new RestartResponseAtInterceptPageException(new LoginPage());
}
return true;
}
@Override
public boolean isActionAuthorized(Component component, Action action)
{
return true;
}
});
HomePage implements AuthenticatedWebPage and LoginPage has the @RequireHttps
annotation. This only seems to happen when there is no JSESSIONID cookie. The
URL looks like this:
http://localhost:8080/wicket/page;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
when it should be https://localhost:8443/login. If I try it a second time
after the cookie has been created it works fine. This is not a problem when I
go straight to http://localhost:8080/login (works fine then).
> HttpsMapper Does Not Switch to SSL when there is no JSESSIONID Cookie
> ---------------------------------------------------------------------
>
> Key: WICKET-5129
> URL: https://issues.apache.org/jira/browse/WICKET-5129
> Project: Wicket
> Issue Type: Bug
> Components: wicket, wicket-auth-roles
> Affects Versions: 6.6.0
> Reporter: Tim Urberg
> Labels: HttpsMapper
> Attachments: httpsMapperError.zip
>
>
> I'm having an issue with HttpsMapper not switching to SSL when there is no
> JSESSIONID cookie. It's happening with wicket-auth-roles when the user goes
> to the home page, which need authentication. I have this code in my init
> method in my WebApplication class.
> getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
> {
> @Override
> public <T extends IRequestableComponent> boolean
> isInstantiationAuthorized(Class<T> componentClass)
> {
> if (AuthenticatedWebPage.class.isAssignableFrom(componentClass))
> {
> if (MyAuthenticatedWebSession.get().isSignedIn())
> return true;
> throw new RestartResponseAtInterceptPageException(new LoginPage());
> }
> return true;
> }
> @Override
> public boolean isActionAuthorized(Component component, Action action)
> {
> return true;
> }
> });
> HomePage implements AuthenticatedWebPage and LoginPage has the @RequireHttps
> annotation. This only seems to happen when there is no JSESSIONID cookie.
> The URL looks like this:
> http://localhost:8080/login;jsessionid=1c9nRTpWGWynRXdX1WKC5ZnSfTNKCydGTdHH83mvfXQZQcQ8fLpx!-1875818450?0
> when it should be https://localhost:8443/login. If I try it a second time
> after the cookie has been created it works fine. This is not a problem when
> I go straight to http://localhost:8080/login (works fine then).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
