THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block |
|---|
@Override
protected IRequestCycleProcessor newRequestCycleProcessor() {
return new DefaultWebRequestCycleProcessor() {
@Override
protected IResponseStrategy newResponseStrategy() {
return new IResponseStrategy() {
public void respond(RequestCycle requestCycle) {
IRequestTarget requestTarget = requestCycle
.getRequestTarget();
if (requestTarget != null) {
Application.get().logResponseTarget(requestTarget);
WebRequest webRequest = (WebRequest) requestCycle
.getRequest();
WebResponse webResponse = (WebResponse) requestCycle
.getResponse();
HttpServletRequest httpServletRequest = webRequest
.getHttpServletRequest();
Class pageClass = null;
if (requestTarget instanceof IPageRequestTarget) {
IPageRequestTarget pageTarget =
(IPageRequestTarget) requestTarget;
pageClass = pageTarget.getPage().getClass();
} else if (requestTarget instanceof IBookmarkablePageRequestTarget) {
IBookmarkablePageRequestTarget bookmarkableTarget =
(IBookmarkablePageRequestTarget) requestTarget;
pageClass = bookmarkableTarget.getPageClass();
}
if (pageClass != null
&& !httpServletRequest.isSecure()
&& pageClass.isAnnotationPresent(RequiredSSL.class)) {
StringBuffer url = new StringBuffer("https://"
+ httpServletRequest.getServerName());
url.append(":" + MyApplication.get().getSslPort());
String q = RequestCycle.get().urlFor(
requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
}
else /* requestTarget.respond(requestCycle);else added */
}
requestTarget.respond(requestCycle);
}
}
};
}
};
}
|
There are 2 important pieces of configuration that will change based on your environment.
1. SSL Port: There is no way to determine the SSL port being used via the servlet spec API, so this needs to be set manually. Grab the SSL port from your configuration. (Or better yet, set it with Spring in your applicationContext.xml from a properties file)
};
}
};
}
|
There are 2 important pieces of configuration that will change based on your environment.
1. SSL Port: There is no way to determine the SSL port being used via the servlet spec API, so this needs to be set manually. Grab the SSL port from your configuration. (Or better yet, set it with Spring in your applicationContext.xml from a properties file)
2. Hostname: In the code below, httpServletRequest.getServerName() is used to determine the hostname. This may not always work, for example in a clustered environment where your website's hostname resolves to an IP address on a router and each application server has a 2. Hostname: In the code below, httpServletRequest.getServerName() is used to determine the hostname. This may not always work, for example in a clustered environment where your website's hostname resolves to an IP address on a router and each application server has a unique hostname like appserver1 and appserver2. If you have this kind of setup, it would be best to grab the hostname from a configuration file or set it with Spring.
...
Add @RequiredSSL to any Page that requires SSL!
Edit:
I tried to apply this but I think there was a bug (at least it didn't work for me). A else was missing before the requestTarget.respond(requestCycle); (see else added in the code).
Additionally, a switch back to non-ssl mode should/could be added by adding a if clause, more ore less like this:
| Code Block |
|---|
else if (pageClass != null
&& httpServletRequest.isSecure()
&& !pageClass.isAnnotationPresent(RequiredSSL.class)) {
StringBuffer url = new StringBuffer("http://"
+ httpServletRequest.getServerName());
String q = RequestCycle.get().urlFor(
requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
}
|