tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Hackel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TAP5-2080) Its not possible to use Tapestry5 behind an SSL Proxy AND internally / BaseURLSource is crap
Date Fri, 08 Mar 2013 07:54:15 GMT

    [ https://issues.apache.org/jira/browse/TAP5-2080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596930#comment-13596930
] 

Thomas Hackel commented on TAP5-2080:
-------------------------------------

Finally i got the replacement of the BaseURLSource which works correct for my scenario.
I think tapestry should provide such BaseURLSource out of the box because the proxy scenario
is way more common than exposing the Tomcat directly and using @Secured.

Just in the case an other person has the same problem (sorry for the format, no clue why this
JIRA instance does not support markup):

{code}
@PreventServiceDecoration
public class ProxyEnabledBaseURLSource implements BaseURLSource {

	private final HttpServletRequest request;

	public ProxyEnabledBaseURLSource(HttpServletRequest request) {
		this.request = request;
	}

	/**
	 * {@inheritDoc}
	 */
	@Override
	public String getBaseURL(boolean secure) {
		if (secure) {
			throw new IllegalAccessError("This implementation of "
					+ BaseURLSource.class.getSimpleName()
					+ " does not support the 'secure' flag");
		}
		String scheme = "http";
		String port = "";
		String host = "";
		if (request.getScheme() != null) {
			scheme = request.getScheme();
		}
		if (request.getServerName() != null) {
			host = request.getServerName();
		}
		if (request.getServerPort() > 0) {
			// if scheme is HTTPS/HTTP and port 443/80, we don't need to set the
			// port
			if (!("https".equalsIgnoreCase(scheme) && request.getServerPort() == 443)
					&& !("http".equalsIgnoreCase(scheme) && request
							.getServerPort() == 80)) {
				port = ":" + String.valueOf(request.getServerPort());
			}
		}
		return String.format("%s://%s%s", scheme, host, port);
	}
}
{code}

The configuration part in the AppModule:

{code}
	public static void bind(ServiceBinder binder) {
		binder.bind(BaseURLSource.class, ProxyEnabledBaseURLSource.class)
				.withId("ProxyEnabledBaseURLSource");
	}

	@Contribute(ServiceOverride.class)
	public static void setupApplicationServiceOverrides(
			MappedConfiguration<Class<?>, Object> configuration,
			@InjectService("ProxyEnabledBaseURLSource") BaseURLSource override) {
		configuration.add(BaseURLSource.class, override);
	}
{code}


                
> Its not possible to use Tapestry5 behind an SSL Proxy AND internally / BaseURLSource
is crap
> --------------------------------------------------------------------------------------------
>
>                 Key: TAP5-2080
>                 URL: https://issues.apache.org/jira/browse/TAP5-2080
>             Project: Tapestry 5
>          Issue Type: Bug
>    Affects Versions: 5.3.6
>            Reporter: Thomas Hackel
>
> Two Scenario:
> 1. User(Internet)->SSL-Proxy:443->Tomcat:8080
> 2. User(Intranet)->Tomcat:8080
> The BaseURLSourceImpl DOES NOT use the Scheme of the request, it just uses the secured
flag to change the scheme. Which is not required/useful in the scenario above.
> The BaseURLSource creates links like "http://foo:443/bar" instead of "https://foo/bar".
> This problem was already mentioned in TAP5-167 which was "silently" closed.
> Overwriting the BaseURLSource, as described in http://tapestry.apache.org/https.html
is also not possible because you would need a Request object which can't be injected because
it causes some "service cycle" problem. The Request object is required to physically map 443
to https, because the Tap5 Request object also lacks the Request Scheme...
> {code}
> 	public static void contributeServiceOverride(
> 			MappedConfiguration<Class<?>, Object> configuration,
> 			@Inject Request request) {
> 		BaseURLSource source = new ProxyEnabledBaseURLSource(request);
> 		configuration.add(BaseURLSource.class, source);
> 	}
> {code}
> Causes:
> {code}
> java.lang.IllegalStateException: Construction of service 'ServiceOverride' has failed
due to recursion: the service depends on itself in some way. Please check org.apache.tapestry5.ioc.internal.services.ServiceOverrideImpl(Map)
(at ServiceOverrideImpl.java:31) via org.apache.tapestry5.ioc.services.TapestryIOCModule.bind(ServiceBinder)
(at TapestryIOCModule.java:49) for references to another service that is itself dependent
on service 'ServiceOverride'.
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message