Help required - current Brix-master is not SSL enabled
22 views
Skip to first unread message
Korbinian
Mar 8, 2012, 8:09:52 AM3/8/12
to brix-cms-discuss
Hi,
during my fixing of the demo-workspace today, I noticed that SSL won't
work. I tried to go the wicket 1.5 way of adding an
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new
HttpsConfig(config.getHttpPort(), config.getHttpsPort())));
to enable SSL, but it didnt work - neither on a pure wicket page
(admin) nor on brix itself. So, I looked into the mappers we have and
I didn't see any trace of HTTPS or SSL in them.
In wicket 1.4 all was done by the QueryStringHybridUrlCodingStrategy,
but this is not used anymore - can any wicket 1.5 guru please tell me
how a Mapper has to work so the mapper can decide whether he needs SSL
or not?
Best,
KB
PS: maybe https://github.com/kbachl/brix-cms/commit/2e63d02e52af71a9bdda119282ac5fb04a492e7b
is a help;
during my fixing of the demo-workspace today, I noticed that SSL won't
work. I tried to go the wicket 1.5 way of adding an
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new
HttpsConfig(config.getHttpPort(), config.getHttpsPort())));
to enable SSL, but it didnt work - neither on a pure wicket page
(admin) nor on brix itself. So, I looked into the mappers we have and
I didn't see any trace of HTTPS or SSL in them.
In wicket 1.4 all was done by the QueryStringHybridUrlCodingStrategy,
but this is not used anymore - can any wicket 1.5 guru please tell me
how a Mapper has to work so the mapper can decide whether he needs SSL
or not?
Best,
KB
PS: maybe https://github.com/kbachl/brix-cms/commit/2e63d02e52af71a9bdda119282ac5fb04a492e7b
is a help;
Martin Grigorov
Mar 8, 2012, 8:24:08 AM3/8/12
to brix-cms...@googlegroups.com
In Brix.java, line 236 (Brix 6.0-SNAPSHOT) there is a line:
application.getRootRequestMapperAsCompound().add(new BrixRequestMapper(this));
application.getRootRequestMapperAsCompound().add(new BrixRequestMapper(this));
I think this is the place to wrap with HttpsMapper.
> --
> You received this message because you are subscribed to the Google Groups "brix-cms-discuss" group.
> To post to this group, send email to brix-cms...@googlegroups.com.
> To unsubscribe from this group, send email to brix-cms-discu...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/brix-cms-discuss?hl=en.
>
Igor Vaynberg
Mar 8, 2012, 10:50:43 AM3/8/12
to brix-cms...@googlegroups.com
brix has its own https switching support...because whether or not to
switch is determined by brix not by annotations on pages
switch is determined by brix not by annotations on pages
-igor
Korbinian
Mar 8, 2012, 11:27:43 AM3/8/12
to brix-cms-discuss
Igor is right about https switching support - but how can
BrixRequestMapper switch the protocol? In HttpsMapper there is just a
propertie-setting, and I don't know how the processing of the mappers
are working. I thought the RequestMappers should support chaining,
shouldn't they?
> >> PS: maybehttps://github.com/kbachl/brix-cms/commit/2e63d02e52af71a9bdda119282a...
BrixRequestMapper switch the protocol? In HttpsMapper there is just a
propertie-setting, and I don't know how the processing of the mappers
are working. I thought the RequestMappers should support chaining,
shouldn't they?
> >> is a help;
>
> >> --
> >> You received this message because you are subscribed to the Google Groups "brix-cms-discuss" group.
> >> To post to this group, send email to brix-cms...@googlegroups.com.
> >> To unsubscribe from this group, send email to brix-cms-discu...@googlegroups.com.
> >> For more options, visit this group athttp://groups.google.com/group/brix-cms-discuss?hl=en.
>
> >> --
> >> You received this message because you are subscribed to the Google Groups "brix-cms-discuss" group.
> >> To post to this group, send email to brix-cms...@googlegroups.com.
> >> To unsubscribe from this group, send email to brix-cms-discu...@googlegroups.com.
Korbinian
Mar 9, 2012, 4:35:08 AM3/9/12
to brix-cms-discuss
I now spent some time on it, and simply said, the whole wicket-1.5
migration in context of URL handling and Protocol-forcing is quite a
mess;
Current main problem is in SwitchProtocolReqestHandler in
org.brixcms.web, where respond(IrequestCycle requestCycle) is
basically an out-commented stub and non working - to get it work, one
needs to access the current requestCycle.getProcessor() that no longer
exists in wicket 1.5; Beside this, the BrixRequestCycleProcessor is
now more an Processor but merely an AbstractRequestCycleListener where
the required HTTPSConfig is never preserved - as the new parent class
don't know this anymore.
What we need is basically a complete rewrite of it - so a new
BrixRequestCycleListener that gets attached to the BrixInstance and
can care for the RequestCycle using an Listener when we load the
content to decide if we need a switch in Protocol (this can't be
easily checked on URL construction unless we cache every URL and its
Protocol required needs as we can't afford to precheck all links to
brix-pages on all tile levels as this means we need to preload nearly
every page that is linked to);
The need for Protocol Switch can be gained by checking the BrixNode
for the current URL for getRequiredProtocol() as this is either an
resource that says nothing special or an AbstractContainer that checks
its complete tile levels for required protocol using requiresSSL() via
tileManager;
So the rewrite shouldn't be too hard, however, I don't really now how
wicket 1.5 handles everything so I kindly wanted to ask Martin G. or
Igor to at least tell me what to do. Beside this, it is also necessary
that we implement this in a way that allows us to let the enduser
bound another Listener to his wicket programm so he can at least force
SSL onto the admin page etc. as brix's strength is defined to allow
easy integration into wicket apps;
Best
Korbinian
migration in context of URL handling and Protocol-forcing is quite a
mess;
Current main problem is in SwitchProtocolReqestHandler in
org.brixcms.web, where respond(IrequestCycle requestCycle) is
basically an out-commented stub and non working - to get it work, one
needs to access the current requestCycle.getProcessor() that no longer
exists in wicket 1.5; Beside this, the BrixRequestCycleProcessor is
now more an Processor but merely an AbstractRequestCycleListener where
the required HTTPSConfig is never preserved - as the new parent class
don't know this anymore.
What we need is basically a complete rewrite of it - so a new
BrixRequestCycleListener that gets attached to the BrixInstance and
can care for the RequestCycle using an Listener when we load the
content to decide if we need a switch in Protocol (this can't be
easily checked on URL construction unless we cache every URL and its
Protocol required needs as we can't afford to precheck all links to
brix-pages on all tile levels as this means we need to preload nearly
every page that is linked to);
The need for Protocol Switch can be gained by checking the BrixNode
for the current URL for getRequiredProtocol() as this is either an
resource that says nothing special or an AbstractContainer that checks
its complete tile levels for required protocol using requiresSSL() via
tileManager;
So the rewrite shouldn't be too hard, however, I don't really now how
wicket 1.5 handles everything so I kindly wanted to ask Martin G. or
Igor to at least tell me what to do. Beside this, it is also necessary
that we implement this in a way that allows us to let the enduser
bound another Listener to his wicket programm so he can at least force
SSL onto the admin page etc. as brix's strength is defined to allow
easy integration into wicket apps;
Best
Korbinian
Reply all
Reply to author
Forward
0 new messages