"matt.drees" wrote :
|
| This is what we're planning to do. I haven't tested it yet (don't have an
ssl cert set up yet), but I think it should work. I'll report back if it
doesn't.
|
| We use BIG-IP for loadbalancing and ssl decryption. For ssl requests,
we've configured it to add a specific request header. I haven't tested this,
but I think we only need to override Request.getScheme(), and not
Request.getRequestURL().
|
|
| |
| | @Name("bigIpSslFilter")
| | @Scope(ScopeType.APPLICATION)
| | @BypassInterceptors
| | @org.jboss.seam.annotations.web.Filter
| | public class BigIpSslFilter implements Filter {
| |
| | public void destroy() {
| | }
| |
| | public void doFilter(ServletRequest request, ServletResponse
response,
| | FilterChain filterChain) throws IOException,
ServletException {
| | if (request instanceof HttpServletRequest) {
| | filterChain.doFilter(new
BigIpSslRequest((HttpServletRequest) request), response);
| | } else {
| | filterChain.doFilter(request, response);
| | }
| | }
| |
| | public void init(FilterConfig filterConfig) throws
ServletException {
| | }
| |
| | public static class BigIpSslRequest extends
HttpServletRequestWrapper {
| |
| | public BigIpSslRequest(HttpServletRequest request) {
| | super(request);
| | }
| |
| | @Override
| | public String getScheme() {
| | String forwardedScheme =
getRequest().getHeader("HTTP_X_FORWARDED_PROTO");
| | if (forwardedScheme != null &&
forwardedScheme.equals("https")) {
| | return "https";
| | }
| | return super.getScheme();
| | }
| |
| | @Override
| | public HttpServletRequest getRequest() {
| | return (HttpServletRequest) super.getRequest();
| | }
| | }
| | }
| |
|
| (btw, it's the same header that rails looks for to determine proxied https
requests, since we also have some rails apps)
Sorry Matt, but your filter doesn't actually work, because Seam doesn't use the
getScheme() method of the ServletRequest. This one works:
| @Name("forwardedHttpsDecoderFilter")
| @Scope(ScopeType.APPLICATION)
| @BypassInterceptors
| @Filter
| public class ForwardedHttpsDecoderFilter extends AbstractFilter {
|
| public static final String HEADER_HTTP_X_FORWARDED_PROTO =
"HTTP_X_FORWARDED_PROTO";
|
| public static class SslRequest extends HttpServletRequestWrapper {
|
| public SslRequest(HttpServletRequest request) {
| super(request);
| }
|
| public HttpServletRequest getRequest() {
| return (HttpServletRequest) super.getRequest();
| }
|
| public StringBuffer getRequestURL() {
| StringBuffer requestURL = super.getRequestURL();
| if (requestURL.indexOf("http://";) == 0) {
| requestURL.replace(0, 7, "https://";);
| }
| return requestURL;
| }
| }
|
| public void doFilter(ServletRequest request, ServletResponse response,
| FilterChain filterChain) throws IOException,
ServletException {
|
| if (request instanceof HttpServletRequest) {
| String forwardedScheme = ((HttpServletRequest)
request).getHeader(HEADER_HTTP_X_FORWARDED_PROTO);
| if (forwardedScheme != null && forwardedScheme.equals("https")) {
| request = new SslRequest((HttpServletRequest) request);
| }
| }
| filterChain.doFilter(request, response);
| }
|
| public void destroy() {
| }
|
| public void init(FilterConfig filterConfig) throws ServletException {
| }
| }
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126531#4126531
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4126531
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
