I have managed to use XForwardedRequestWrapperFactory by creating a Filter. I also use HttpsMapper as follows :
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig()) { @Override protected Scheme getDesiredSchemeFor(IRequestHandler handler) { final HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest(); // Assume runtime deployment is always reverse proxied and SSL-terminated by load balancer // WARNING: This requires proper XForwardedRequestWrapperFactory configuration AND nginx configuration final Scheme desiredScheme = "https".equalsIgnoreCase(request.getScheme()) ? Scheme.HTTPS : super.getDesiredSchemeFor(handler); log.debug("Scheme: {} Secure: {} Remote Addr: {} desiredScheme for {}: {}", request.getScheme(), request.isSecure(), request.getRemoteAddr(), null != handler ? handler.getClass().getSimpleName() : null, desiredScheme); return desiredScheme; } }); However, even though I've confirmed that XForwardedRequestWrapperFactory works as intended (settings scheme=https and isSecure=true), getDesiredSchemeFor() always returns HTTPS in my case, initial redirect for stateful pages are always done using HTTP. i.e. from https://.../match/edit redirected to http://.../match/edit?1, while I would expect it to be redirected to https://.../match/edit?1 Please help, thank you in advance. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/How-to-force-page-redirects-to-HTTPS-tp4678479p4678482.html Sent from the Users forum mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org