roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Raible <m...@raibledesigns.com>
Subject Re: Absolute URL without scheme prefix
Date Tue, 08 Apr 2014 15:35:40 GMT
I was successful in fixing my base URL by changing it to:

<base href="$absBaseURL.replace('https:', '')" />

Now everything works with both http and https, provided I change iframes
(and other embedded URLs) to use // instead of http://.

I was unable to get "force HTTPs" to work, either by modifying web.xml or
security.xml.

For web.xml, I tried adding the following:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPS resources</web-resource-name>
            <url-pattern>/roller-ui/login.rol</url-pattern>
            <url-pattern>/roller-ui/register.rol</url-pattern>
            <url-pattern>/roller-ui/register!save.rol</url-pattern>
            <url-pattern>/roller-ui/profile.rol</url-pattern>
            <url-pattern>/roller-ui/profile!save.rol</url-pattern>
            <url-pattern>/roller-ui/admin/*</url-pattern>
            <url-pattern>/roller-ui/login-redirect.jsp</url-pattern>
            <url-pattern>/roller-ui/login-redirect.rol</url-pattern>
            <url-pattern>/roller-ui/authoring/userdata</url-pattern>

<url-pattern>/roller-ui/authoring/membersInvite.rol</url-pattern>

<url-pattern>/roller-ui/authoring/membersInvite!save.rol</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Once I did this, I was redirected, but to port 8443 instead of 443. To fix
this, I changed tomcat/conf/server.xml to the following:

    <Connector port="8118" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

After doing this, I received an infinite loop error in my browser.

Next, I tried modifying security.xml by adding the following:

<intercept-url pattern="/roller-ui/**" requires-channel="https" />

This seems to intercept forwards as well, so when trying to go to the
top-level URL, I was redirected to the following URL and got a infinite
loop error again.

https://raible.kgbinternet.com/roller-ui/rendering/page/rd

It would be nice to force SSL on the editor pages, but it seems impossible
with the current setup - unless I do it at the Apache level with
mod_rewrite.

Cheers,

Matt


On Tue, Apr 8, 2014 at 8:51 AM, Matt Raible <matt@raibledesigns.com> wrote:

> After further inspection, it looks like it's working fine on your blog.
> I'm guessing this is because you're missing a <base> element, whereas I
> have:
>
> <base href="https://raible.kgbinternet.com" />
>
>
> On Tue, Apr 8, 2014 at 8:47 AM, Matt Raible <matt@raibledesigns.com>wrote:
>
>> This seems to get me part of the way there - thanks Glen.
>>
>> To enable SSL and have it work for embedded iframes, it looks like I'll
>> have to change <iframe src="http://..."> to <iframe src="//...">.
>> Another thing I noticed is comments XML doesn't load. Is this because I
>> don't have a valid cert on my site? My certificate is for *.
>> raibledesigns.com - raible.kgbinternet.com is just a test site. If I use
>> the "https" version of the URL below, it works fine.
>>
>> http://raible.kgbinternet.com/rd/entry/developing_an_ios_native_app
>>
>> XMLHttpRequest cannot load
>> https://raible.kgbinternet.com/CommentAuthenticatorServlet. No
>> 'Access-Control-Allow-Origin' header is present on the requested resource.
>> Origin 'http://raible.kgbinternet.com' is therefore not allowed access.
>>
>>
>> On Mon, Apr 7, 2014 at 6:10 PM, Glen Mazza <glen.mazza@gmail.com> wrote:
>>
>>> Hi Matt, I think what I'm doing on my OpenShift blog (http[s]://
>>> web-gmazza.rhcloud.com/) could work for you:
>>>
>>> 1.) On the blog server administration page, "Absolute URL to site (if
>>> required)" field, I have "https://web-gmazza.rhcloud.com"
>>> 2.) I uncommented the <security-constraint/> section at the bottom of
>>> the default web.xml: http://svn.apache.org/viewvc/
>>> roller/trunk/app/src/main/webapp/WEB-INF/web.xml?view=markup
>>>
>>> This gives me both https:// and http:// for the blog reader, but only
>>> the former when I'm creating blogs, logging in, etc.
>>>
>>> HTH,
>>> Glen
>>>
>>>
>>> On 4/7/2014 3:56 PM, Matt Raible wrote:
>>>
>>>> I'm thinking about making my site accessible over http as well as
>>>> https. One thing I noticed is the absolute URL requires a prefix. I tried
>>>> changing it from "http://" to just "//" (so it uses the same scheme as
>>>> the page) and it fails:
>>>>
>>>> java.net.MalformedURLException: no protocol: //localhost:8080
>>>>         at java.net.URL.<init>(URL.java:585)
>>>>         at java.net.URL.<init>(URL.java:482)
>>>>         at java.net.URL.<init>(URL.java:431)
>>>>         at org.apache.roller.weblogger.ui.rendering.velocity.
>>>> deprecated.ContextLoader.loadPathValues(ContextLoader.java:420)
>>>>         at org.apache.roller.weblogger.ui.rendering.velocity.
>>>> deprecated.ContextLoader.setupContext(ContextLoader.java:192)
>>>>         at org.apache.roller.weblogger.ui.rendering.model.
>>>> ModelLoader.loadOldModels(ModelLoader.java:57)
>>>>         at org.apache.roller.weblogger.ui.rendering.servlets.
>>>> PageServlet.doGet(PageServlet.java:436)
>>>>
>>>> Is it possible to enhance the "$absBaseURL" macro to allow no prefix?
>>>>
>>>> I'm using Roller 5.0.3 on Tomcat 7.
>>>>
>>>> Thanks,
>>>>
>>>> Matt
>>>>
>>>
>>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message