Versions Compared

Old Version 12

changes.mady.by.user Gerolf Seitz

Saved on

compared with

New Version Current

changes.mady.by.user Chris Merrill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Wicket 6.x, using HttpsMapper

Inside of the Application.init() method add the following.

Note

It is extemtely important that when setting the rootRequestMapper it is done AFTER you have added any bookmarkable links otherwise they will not be switched over to Secure mode.

Code Block


mountPage("/somepage", MyPage.class);

// notice that in most cases this should be done as the
// last mounting-related operation because it replaces the root mapper
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig()));

As with previous versions of Wicket, now all you need to do is include the @RequireHttps attribute on your Pages or Components.

Using other methods to determine if Https should be use:

Referencing the example above, override the getDesiredSchemeFor method.

Code Block
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig()){
      @Override
      protected Scheme getDesiredSchemeFor(Class pageClass) {
         if (getConfigurationType()==RuntimeConfigurationType.DEVELOPMENT) {
         log.debug("Dev mode, always use HTTP");
         return Scheme.HTTP;
      } else {
         log.debug("not in development mode, letting the mapper decide, or roll you own solution");
         return super.getDesiredSchemeFor(pageClass);
      }
   }
});

Using HttpsRequestCycleProcessor (after 1.4--rc3)

By replacing the default WebRequestCycleProcessor with the HttpsRequestCycleProcessor, you are able to specify secure pages using the @RequireHttps annotation on your pages. If you wanted a little more control... lets say for development you did not want your annotated pages to use https, you could bypass the Switch Protocol code like this. As of 1.4-rc3 Wicket provides built in support for http/https switching via org.apache.wicket.protocol.https.HttpsRequestCycleProcessor. Please see the javadoc of this class for details

Code Block

@Override
protected IRequestCycleProcessor newRequestCycleProcessor()
{
    HttpsConfig config = new HttpsConfig(80,443);
    return new HttpsRequestCycleProcessor(config)
    {

        @Override
        protected IRequestTarget checkSecureIncoming(IRequestTarget target)
        {
            if (getConfigurationType().equals(Application.DEVELOPMENT))
            {
	        return target;
            }
            else
            {
                return super.checkSecureIncoming(target);
            }
        }

        @Override
        protected IRequestTarget checkSecureOutgoing(IRequestTarget target)
        {
            if (getConfigurationType().equals(Application.DEVELOPMENT))
            {
                return target;
            }
            else
            {
                return super.checkSecureOutgoing(target);
            }
        }

    };
}

For The Entire Application

...

Code Block
@Retention(RetentionPolicy.RUNTIME)
@Inherited //For a "BasePage" strategy
 public @interface RequiredSSL { }

...

Add @RequiredSSL to any Page that requires SSL !or to your BasePage, in case of use @Inherited annotation in RequiredSSL class.

Edit:

I tried to apply this but I think there was a bug (at least it didn't work for me). A else was missing before the requestTarget.respond(requestCycle); (see else added in the code).
Additionally, a switch back to non-ssl mode should/could be added by adding a if clause, more ore less like this:

...