Use Case:
Most of the time we terminate SSL at the load balancer or at the dispatcher, and communication to publish happens over http. In this case the publish server is often not SSL-aware, and any request-specific operation (for example a relative path redirect or link rewriting) happens over http. For example, if you do something like response.sendRedirect("/somepath") from the server, it will get redirected to http://server-name/somepath, and request.isSecure() will return false. Operations like externalizer.externalLink(resolver, "mydomain", "/my/page") + ".html"; will also return the http version of the link.
Solution:
Option 1:
Let all links be http and then force a redirect on the dispatcher or load balancer. For the dispatcher, the rule can be as simple as this:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,R=301]
Issue:
- Not SEO friendly (unless it is a relative link).
- Cannot be embedded as a portlet or iframe (cross-site include error) over https.
Option 2:
Use the SSL filter from the Felix HTTP service: http://felix.apache.org/documentation/subprojects/apache-felix-http-service.html#using-the-ssl-filter
If the filter is configured, it looks for the header named in its configuration, and if the header value matches the configured value, the context on publish is considered secure and request.isSecure() will return true.
In the above case, if X-Forwarded-SSL is present with the value on, then the servlet context is secure.
Note: This might not work in the latest CQ version. You can build your own version from trunk https://github.com/apache/felix/tree/trunk/http/sslfilter or from http://svn.apache.org/repos/asf/felix/trunk/http/sslfilter/
One working version of the file can be downloaded from here
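The header check described in Option 2, as an added example that is not the Felix project's code: a servlet filter that reports the request as secure when the SSL-terminating proxy has set X-Forwarded-SSL to on. The class names are hypothetical, and the javax.servlet API and port 443 at the proxy are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter: marks a request secure when the proxy set the agreed header. */
public class ForwardedSslFilter implements Filter {
    // Header name and value as used in the post; in a real deployment both are configuration.
    private static final String HEADER = "X-Forwarded-SSL";
    private static final String SECURE_VALUE = "on";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // A missing header yields null, which never matches, so plain requests pass through unchanged.
            if (SECURE_VALUE.equalsIgnoreCase(http.getHeader(HEADER))) {
                req = new SecureRequest(http);
            }
        }
        chain.doFilter(req, res);
    }

    /** Presents the client-facing https view to downstream servlets and components. */
    private static final class SecureRequest extends HttpServletRequestWrapper {
        SecureRequest(HttpServletRequest request) { super(request); }

        @Override public boolean isSecure() { return true; }
        @Override public String getScheme() { return "https"; }
        @Override public int getServerPort() { return 443; } // assumption: default HTTPS port at the proxy

        @Override
        public StringBuffer getRequestURL() {
            // Rebuild the absolute URL with the https scheme and no explicit port.
            return new StringBuffer("https://").append(getServerName()).append(getRequestURI());
        }
    }
}
```

A header-based check like this is only as trustworthy as the proxy in front of it: the load balancer or dispatcher should overwrite X-Forwarded-SSL on every request, and publish should not be reachable directly, otherwise a client can send the header over plain http and be treated as secure.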
As usual, let me know if you have any questions. Special thanks to Shenghao Huang from LinkedIn for finding this.