Ok the web.xml http://pastie.org/819535
Note that requests ARE filtered through the portal's request filter, however one would assume that if it's going to change HTTPS to HTTP, it would do so for ALL tools, not just Wicket ones. The rest is all standard stuff extending WebApplication and the Application.init() is pretty much empty except for things like setting the expired page, stripping the Wicket tags, etc etc, a couple of snippets on how it gets from the Application to the first page: http://pastie.org/819541 And the BasePage: http://pastie.org/819544 thanks, Steve On 11/02/2010, at 3:57 PM, Jeremy Thomerson wrote: > okay, so now at least we know what's causing it. the frame is redirected to > http. now, we have to determine what's making your wicket request redirect > to http. > > you might supply a couple things: > - your web.xml for the wicket app > - any customized code you have in the request cycle processor > - an idea of what kind of app - i.e. are you inheriting from a non-standard > application class (say, spring*application, brix*application, etc...) that > might be controlling the request cycle? > > -- > Jeremy Thomerson > http://www.wickettraining.com > > > > On Wed, Feb 10, 2010 at 10:49 PM, Steve Swinsburg <steve.swinsb...@gmail.com >> wrote: > >> It's done by the portal, but it renders an iframe of source: >> >> src=" >> >> https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea >> >> >> Which is the direct link to the tool instance. >> >> So it appears to be HTTPS, but then reverts to HTTP for some reason. If I >> go to that URL in my browser, with HTTPS intact, it will revert to HTTP in >> front of me. If I grab the iframe source for another tool, say a Velocity >> based tool, the url is similar, still HTTPS, and stays HTTPS when viewing >> it. >> >> thanks, >> Steve >> >> >> >> On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: >> >> what's the code you're using to render the link for the iframe in wicket? >> have you pasted that yet? >> >> On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: >> >> Ok I did that, the Wicket app comes up as as HTTP, however if I do the same >> thing to any that renders in the same style of iframe, it's HTTPS. these >> tools are other display technologies, like JSF, Velocity, etc. >> >> >> Here's the first Wicket app: >> >> >> http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main >> >> >> Here's a Velocity app in in the same page: >> >> >> https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main >> >> >> The URL of the entire site is: >> >> >> https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 >> >> >> I have another Wicket app that another developer wrote, same thing, HTTP >> only. So it's only Wicket tools that are doing this. >> >> >> thanks, >> >> Steve >> >> >> >> >> On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: >> >> >> What I've suspected all along is that your main page MAY be loaded https, >> >> but that your iframe src is actually ending up http. >> >> >> do this (in firefox): pull up the app in https, right click in the iframe, >> >> click "this frame", click "show only this frame". is the url that appears >> >> with the iframe content https? >> >> >> -- >> >> Jeremy Thomerson >> >> http://www.wickettraining.com >> >> >> >> >> On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg >> >> <steve.swinsb...@gmail.com>wrote: >> >> >> Exactly. So why are they coming up as HTTP when both the URL and iframe src >> >> are both HTTPS. All resources that Wicket sends from this application are >> >> coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. >> >> >> I'll add some logging to the Application init() to figure out if Wicket >> >> thinks its on HTTP or HTTPS. >> >> >> Could be the iframe? >> >> >> thanks, >> >> Steve >> >> >> >> On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: >> >> >> your paste does not contain any absolute urls, only relative ones... >> >> >> -igor >> >> >> On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg >> >> <steve.swinsb...@gmail.com> wrote: >> >> Yes, the app is rendered in an iframe as my app is deployed into a >> >> portal >> >> container. I pasted that HTML from the iframe source, but here is the >> >> whole >> >> lot: >> >> http://pastie.org/819416 >> >> Line 21 has the import for the css. >> >> Line 55 is a ContextImage >> >> The iframe source >> >> is: src=" >> >> >> https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main >> >> " >> >> and that renders the tool. >> >> Using the padlock in the bottom right of Firefox, and analysing the >> >> Media, >> >> gives all images that are loaded on the page, and all of those that come >> >> from this app are http only, the rest that come from the portal >> >> container >> >> are https as normal. Changing the address to http and refreshing makes >> >> the >> >> portal container urls change to http as expected. >> >> >> thanks, >> >> Steve >> >> >> On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: >> >> >> Well, can you paste the actual html that is generated that links to your >> >> stylesheet on the https page? Because what you pasted earlier was a >> >> relative URL, which would mean that the browser would make it https as >> >> well. So, they're some piece of the puzzle we haven't received yet. >> >> Perhaps you could browse to the https page, view source, copy the whole >> >> source into pastebin and send it? >> >> >> Are you using iframes or anything? >> >> >> -- >> >> Jeremy Thomerson >> >> http://www.wickettraining.com >> >> >> >> >> On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg >> >> <steve.swinsb...@gmail.com>wrote: >> >> >> Edit: ... thats how I can confirm it was broken, because when I change >> >> it >> >> >> to http it works. >> >> >> >> >> On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: >> >> >> Yes. And thats how I can confirm it breaks when I change the address to >> >> >> just http. Both http and https work on this particular site which makes >> >> it >> >> >> easy for testing. >> >> >> The address is https and then it renders the content in an iframe with >> >> >> source attribute that is also https (I'm working in a portal framework). >> >> >> >> >> On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: >> >> >> and the URL for your page in the Location bar *is* https? >> >> >> On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: >> >> >> What I meant to say was that the ContextImage and CSS looks fine, >> >> >> however the actual URLs it renders are all HTTP, not HTTPS when they >> >> should >> >> >> be. The first resource link is clearly broken. >> >> >> cheers, >> >> >> Steve >> >> >> >> >> On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: >> >> >> Hi Jeremy, >> >> >> For resources its rendered as >> >> >> >> >> http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif >> >> >> For a ContextImage its: >> >> >> <img src="images/no_image.gif"/> >> >> >> For the CSS include its: >> >> >> <link rel="stylesheet" type="text/css" href="css/styles.css" /> >> >> >> It all looks fine except the styles.css that has the classes are >> >> >> sending the images over HTTP, and they declare like: >> >> >> >> >> .someClass { >> >> >> background-image: url(/library/image/silk/icon.png); >> >> >> } >> >> >> >> >> >> cheers, >> >> >> Steve >> >> >> >> >> >> >> On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: >> >> >> What URL does Wicket generate in your HTML? >> >> >> -- >> >> >> Jeremy Thomerson >> >> >> http://www.wickettraining.com >> >> >> >> >> On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg >> >> >> <steve.swinsb...@gmail.com>wrote: >> >> >> Note that this also happens for resources that Wicket serves, eg: >> >> >> >> resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif >> >> >> and ContextImages. >> >> >> Can I detect HTTPS and force Wicket to serve content over HTTPS? >> >> >> thanks, >> >> >> Steve >> >> >> >> On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: >> >> >> The request for the CSS is a renderCssReference call: >> >> >> response.renderCSSReference("css/styles.css"); >> >> >> So it should be relative to what ever protocol is being used? >> >> >> >> >> >> >> On 11/02/2010, at 10:58 AM, jason lea wrote: >> >> >> The background image url is relative to the css file. Is the >> >> >> request for >> >> >> the css file https? >> >> >> On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg < >> >> >> steve.swinsb...@gmail.com >> >> >> wrote: >> >> >> >> Hi all, >> >> >> >> I have a Wicket application that is running over HTTPS but is >> >> >> rendering >> >> >> some images (like background images from css) over HTTP only. This >> >> >> causes >> >> >> the 'This page contains unsecure items' type warning and inspecting >> >> >> the >> >> >> Page >> >> >> Info from Firefox shows they are indeed being served over HTTP only. >> >> >> >> Luckily I can switch this particular site to be just HTTP and as >> >> >> soon as I >> >> >> do that, the issues go away (obviously since its all just HTTP now). >> >> >> However >> >> >> I cannot just run the entire app over HTTPS only, as this >> >> >> application is >> >> >> deployed in many different contexts by many different institutions >> >> >> and they >> >> >> may be running it over HTTP only. >> >> >> >> So can I force Wicket to render everything via HTTPS if its running >> >> >> over >> >> >> HTTPS and just normal HTTP if its running as such? >> >> >> >> Note that I have things like: >> >> >> >> .someClass { >> >> >> background-image: url(/library/image/silk/icon.png); >> >> >> } >> >> >> >> so I can't just prefix all URL links since most of them come from >> >> >> the CSS. >> >> >> >> thanks, >> >> >> Steve >> >> >> >> >> >> >> -- >> >> >> Jason Lea >> >> >> >> >> >> >> >> >> >> To our success! >> >> >> Mystic Coders, LLC | Code Magic | www.mysticcoders.com >> >> >> ANDREW LOMBARDI | and...@mysticcoders.com >> >> >> 2321 E 4th St. Ste C-128, Santa Ana CA 92705 >> >> >> ofc: 714-816-4488 >> >> >> fax: 714-782-6024 >> >> >> cell: 714-697-8046 >> >> >> linked-in: http://www.linkedin.com/in/andrewlombardi >> >> >> twitter: http://www.twitter.com/kinabalu >> >> >> Eco-Tip: Printing e-mails is usually a waste. >> >> >> ======================================================== >> >> >> This message is for the named person's use only. You must not, directly >> >> >> or indirectly, use, >> >> >> disclose, distribute, print, or copy any part of this message if you are >> >> >> not the intended recipient. >> >> >> ======================================================== >> >> >> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> >> >> >> >> To our success! >> >> Mystic Coders, LLC | Code Magic | www.mysticcoders.com >> >> ANDREW LOMBARDI | and...@mysticcoders.com >> 2321 E 4th St. Ste C-128, Santa Ana CA 92705 >> ofc: 714-816-4488 >> fax: 714-782-6024 >> cell: 714-697-8046 >> linked-in: http://www.linkedin.com/in/andrewlombardi >> twitter: http://www.twitter.com/kinabalu >> >> Eco-Tip: Printing e-mails is usually a waste. >> >> ======================================================== >> This message is for the named person's use only. You must not, directly or >> indirectly, use, >> disclose, distribute, print, or copy any part of this message if you are >> not the intended recipient. >> ======================================================== >> >> >>
smime.p7s
Description: S/MIME cryptographic signature
