DO NOT REPLY [Bug 43613] New: - SslRedirectAction produces a "redirect" loop

Fri, 12 Oct 2007 08:51:15 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43613>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43613

           Summary: SslRedirectAction produces a "redirect" loop
           Product: Lenya
           Version: 2.0
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Assuem the following proxy settings:

<proxy area="live" ssl="true" url="https://www.example.org"/>
<proxy area="live" ssl="false" url="http://www.example.org"/>

A request for http://www.example.org/secure.html (where secure ist ssl
protected" is redirect to https://www.example.org/secure.html. This request
again is redirect to https://www.example.org/secure.html by the
SslRedirectAction and so on ......

I checked in a fix: 
Index: SslRedirectAction.java
===================================================================
--- SslRedirectAction.java      (revision 584054)
+++ SslRedirectAction.java      (working copy)
@@ -74,7 +74,7 @@
                 PolicyManager policyManager = 
accessController.getPolicyManager();
                 Policy policy =
policyManager.getPolicy(accessController.getAccreditableManager(),
                         url);
-                if (policy.isSSLProtected()) {
+                if (policy.isSSLProtected() &&
!request.getScheme().equals("https")) {
                     Session session = RepositoryUtil.getSession(this.manager,
request);
                     LinkRewriter rewriter = new
OutgoingLinkRewriter(this.manager, session, url,
                             false, true, false);

assuming that if the scheme is already https there is no need to redirect again.
 Maybe someone has a better solution for that problem. 

BTW I am not sure what happend if we use mod_proxy on a frontend apache server
which does not redirect to tomcat using https??

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to