...
Inside of the Application.init() method add the following, note: it .
Note |
---|
It is extemtely important that when setting the rootRequestMapper it is done AFTER you have added any bookmarkable links otherwise they will not be switched over to Secure mode. |
Code Block |
---|
mountPage("/somepage", MyPage.class); // notice that in most cases this should be done as the // last mounting-related operation because it replaces the root mapper setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig())); |
As with previous versions of Wicket, now all you need to do is include the @RequiresHttps @RequireHttps attribute on your Pages or Components.
Using other methods to determine if Https should be use:
Referencing the example above, override the getDesiredSchemeFor method.
Code Block |
---|
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig()){ @Override protected Scheme getDesiredSchemeFor(Class pageClass) { if (getConfigurationType()==RuntimeConfigurationType.DEVELOPMENT) { log.debug("Dev mode, always use HTTP"); return Scheme.HTTP; } else { log.debug("not in development mode, letting the mapper decide, or roll you own solution"); return super.getDesiredSchemeFor(pageClass); } } }); |
—
...
Using HttpsRequestCycleProcessor (after 1.4--rc3)
By replacing the default WebRequestCycleProcessor with the HttpsRequestCycleProcessor, you are able to specify secure pages using the @RequireHttps annotation on your pages. If you wanted a little more control... lets say for development you did not want your annotated pages to use https, you could bypass the Switch Protocol code like this. As of 1.4-rc3 Wicket provides built in support for http/https switching via org.apache.wicket.protocol.https.HttpsRequestCycleProcessor. Please see the javadoc of this class for details
Code Block |
---|
@Override protected IRequestCycleProcessor newRequestCycleProcessor() { HttpsConfig config = new HttpsConfig(80,443); return new HttpsRequestCycleProcessor(config) { @Override protected IRequestTarget checkSecureIncoming(IRequestTarget target) { if (getConfigurationType().equals(Application.DEVELOPMENT)) { return target; } else { return super.checkSecureIncoming(target); } } @Override protected IRequestTarget checkSecureOutgoing(IRequestTarget target) { if (getConfigurationType().equals(Application.DEVELOPMENT)) { return target; } else { return super.checkSecureOutgoing(target); } } }; } |
...