I have managed to use XForwardedRequestWrapperFactory by creating a Filter.
I also use HttpsMapper as follows :
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new
HttpsConfig()) {
@Override
protected Scheme getDesiredSchemeFor(IRequestHandler handler) {
final HttpServletRequest request = (HttpServletRequest)
RequestCycle.get().getRequest().getContainerRequest();
// Assume runtime deployment is always reverse proxied and
SSL-terminated by load balancer
// WARNING: This requires proper
XForwardedRequestWrapperFactory configuration AND nginx configuration
final Scheme desiredScheme =
"https".equalsIgnoreCase(request.getScheme()) ? Scheme.HTTPS :
super.getDesiredSchemeFor(handler);
log.debug("Scheme: {} Secure: {} Remote Addr: {}
desiredScheme for {}: {}",
request.getScheme(), request.isSecure(),
request.getRemoteAddr(),
null != handler ? handler.getClass().getSimpleName()
: null, desiredScheme);
return desiredScheme;
}
});
However, even though I've confirmed that XForwardedRequestWrapperFactory
works as intended (settings scheme=https and isSecure=true),
getDesiredSchemeFor() always returns HTTPS in my case, initial redirect for
stateful pages are always done using HTTP. i.e. from https://.../match/edit
redirected to http://.../match/edit?1, while I would expect it to be
redirected to https://.../match/edit?1
Please help, thank you in advance.
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/How-to-force-page-redirects-to-HTTPS-tp4678479p4678482.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
