I was successful in fixing my base URL by changing it to:

    <base href="$absBaseURL.replace('https:', '')" />

Now everything works with both http and https, provided I change iframes (and other embedded URLs) to use // instead of http://.

I was unable to get "force HTTPs" to work, either by modifying web.xml or security.xml. For web.xml, I tried adding the following:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPS resources</web-resource-name>
            <url-pattern>/roller-ui/login.rol</url-pattern>
            <url-pattern>/roller-ui/register.rol</url-pattern>
            <url-pattern>/roller-ui/register!save.rol</url-pattern>
            <url-pattern>/roller-ui/profile.rol</url-pattern>
            <url-pattern>/roller-ui/profile!save.rol</url-pattern>
            <url-pattern>/roller-ui/admin/*</url-pattern>
            <url-pattern>/roller-ui/login-redirect.jsp</url-pattern>
            <url-pattern>/roller-ui/login-redirect.rol</url-pattern>
            <url-pattern>/roller-ui/authoring/userdata</url-pattern>
            <url-pattern>/roller-ui/authoring/membersInvite.rol</url-pattern>
            <url-pattern>/roller-ui/authoring/membersInvite!save.rol</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Once I did this, I was redirected, but to port 8443 instead of 443. To fix this, I changed tomcat/conf/server.xml to the following:

    <Connector port="8118" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

After doing this, I received an infinite loop error in my browser.

Next, I tried modifying security.xml by adding the following:

    <intercept-url pattern="/roller-ui/**" requires-channel="https" />

This seems to intercept forwards as well, so when trying to go to the top-level URL, I was redirected to the following URL and got an infinite loop error again.

    https://raible.kgbinternet.com/roller-ui/rendering/page/rd

It would be nice to force SSL on the editor pages, but it seems impossible with the current setup - unless I do it at the Apache level with mod_rewrite.

Cheers,

Matt

On Tue, Apr 8, 2014 at 8:51 AM, Matt Raible <m...@raibledesigns.com> wrote:

> After further inspection, it looks like it's working fine on your blog.
> I'm guessing this is because you're missing a <base> element, whereas I
> have:
>
> <base href="https://raible.kgbinternet.com" />
>
>
> On Tue, Apr 8, 2014 at 8:47 AM, Matt Raible <m...@raibledesigns.com> wrote:
>
>> This seems to get me part of the way there - thanks Glen.
>>
>> To enable SSL and have it work for embedded iframes, it looks like I'll
>> have to change <iframe src="http://..."> to <iframe src="//...">.
>> Another thing I noticed is comments XML doesn't load. Is this because I
>> don't have a valid cert on my site? My certificate is for
>> *.raibledesigns.com - raible.kgbinternet.com is just a test site. If I use
>> the "https" version of the URL below, it works fine.
>>
>> http://raible.kgbinternet.com/rd/entry/developing_an_ios_native_app
>>
>> XMLHttpRequest cannot load
>> https://raible.kgbinternet.com/CommentAuthenticatorServlet. No
>> 'Access-Control-Allow-Origin' header is present on the requested resource.
>> Origin 'http://raible.kgbinternet.com' is therefore not allowed access.
>>
>>
>> On Mon, Apr 7, 2014 at 6:10 PM, Glen Mazza <glen.ma...@gmail.com> wrote:
>>
>>> Hi Matt, I think what I'm doing on my OpenShift blog
>>> (http[s]://web-gmazza.rhcloud.com/) could work for you:
>>>
>>> 1.) On the blog server administration page, "Absolute URL to site (if
>>> required)" field, I have "https://web-gmazza.rhcloud.com"
>>> 2.) I uncommented the <security-constraint/> section at the bottom of
>>> the default web.xml:
>>> http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/web.xml?view=markup
>>>
>>> This gives me both https:// and http:// for the blog reader, but only
>>> the former when I'm creating blogs, logging in, etc.
>>>
>>> HTH,
>>> Glen
>>>
>>>
>>> On 4/7/2014 3:56 PM, Matt Raible wrote:
>>>
>>>> I'm thinking about making my site accessible over http as well as
>>>> https. One thing I noticed is the absolute URL requires a prefix. I tried
>>>> changing it from "http://" to just "//" (so it uses the same scheme as
>>>> the page) and it fails:
>>>>
>>>> java.net.MalformedURLException: no protocol: //localhost:8080
>>>>     at java.net.URL.<init>(URL.java:585)
>>>>     at java.net.URL.<init>(URL.java:482)
>>>>     at java.net.URL.<init>(URL.java:431)
>>>>     at org.apache.roller.weblogger.ui.rendering.velocity.deprecated.ContextLoader.loadPathValues(ContextLoader.java:420)
>>>>     at org.apache.roller.weblogger.ui.rendering.velocity.deprecated.ContextLoader.setupContext(ContextLoader.java:192)
>>>>     at org.apache.roller.weblogger.ui.rendering.model.ModelLoader.loadOldModels(ModelLoader.java:57)
>>>>     at org.apache.roller.weblogger.ui.rendering.servlets.PageServlet.doGet(PageServlet.java:436)
>>>>
>>>> Is it possible to enhance the "$absBaseURL" macro to allow no prefix?
>>>>
>>>> I'm using Roller 5.0.3 on Tomcat 7.
>>>>
>>>> Thanks,
>>>>
>>>> Matt
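
Added example, not part of the thread and not Roller code: a model of how a browser resolves URLs against the two <base> values discussed above, showing when the comment request becomes cross-origin and when an embedded URL becomes mixed content. The helper names, the embed.example host, and the assumption that the comment script requests a base-relative path are all illustrative.

```javascript
// Added illustration; resolveFrom and parsesWithoutBase are hypothetical helper names.
// Assumption: the comment script requests the base-relative path below.
const HTTP_PAGE = 'http://raible.kgbinternet.com/rd/entry/developing_an_ios_native_app';
const HTTPS_PAGE = HTTP_PAGE.replace('http:', 'https:');
const COMMENT_PATH = '/CommentAuthenticatorServlet';

// A browser resolves <base href> against the page URL, then resolves every
// relative reference against that base. An origin is scheme + host + port.
function resolveFrom(pageUrl, baseHref, reference) {
  const page = new URL(pageUrl);
  const base = baseHref ? new URL(baseHref, page) : page;
  const target = new URL(reference, base);
  return {
    url: target.href,
    // A cross-origin XHR needs an Access-Control-Allow-Origin response header.
    sameOrigin: target.origin === page.origin,
    // An http:// subresource on an https:// page is mixed content.
    mixedContent: page.protocol === 'https:' && target.protocol === 'http:',
  };
}

// "//host" is a relative reference with no scheme of its own, so it cannot
// be parsed without a base (compare the MalformedURLException in the thread).
function parsesWithoutBase(value) {
  try {
    new URL(value);
    return true;
  } catch (e) {
    return false;
  }
}

// Every page scheme against both <base> values from the thread.
function report() {
  const rows = [];
  for (const page of [HTTP_PAGE, HTTPS_PAGE]) {
    for (const baseHref of ['https://raible.kgbinternet.com', '//raible.kgbinternet.com']) {
      rows.push({ page, baseHref, ...resolveFrom(page, baseHref, COMMENT_PATH) });
    }
  }
  return rows;
}

console.table(report());
// Constructed embed URL: http:// on an https page versus the // form.
console.log(resolveFrom(HTTPS_PAGE, null, 'http://embed.example/player').mixedContent);
console.log(resolveFrom(HTTPS_PAGE, null, '//embed.example/player').mixedContent);
console.log(parsesWithoutBase('//localhost:8080'));
```

Only the http page combined with the https <base> yields a cross-origin request; the scheme-less base keeps the request on the page's own origin under either scheme.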