http redirect to https question.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

http redirect to https question.

Mike Baschky
Hello,
    Say I'm having an issue with http to https redirect in ofbiz v4. I
have https working fine for the login and a couple of other pages,
however, I'm having an issue with redirects. As an example someone comes
into a page that requires authorization but not https they get redirect
to the login page as they should but the login page is no longer under
https. I assume there is a setting I'm missing some place. Could someone
point me in the right direction here. Thanks.
 
-Mike
Reply | Threaded
Open this post in threaded view
|

Re: http redirect to https question.

Michael Jensen-5
Make sure that you have https="true" set for the request map.  This is
set in WEB-INF/controller.xml

Here is what mine looks like:
    <request-map uri="login">
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.eearner.control.LoginWorker"
invoke="login"/>
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>

This works for my login links from non-https pages.

Mike


Mike Baschky wrote:

> Hello,
>     Say I'm having an issue with http to https redirect in ofbiz v4. I
> have https working fine for the login and a couple of other pages,
> however, I'm having an issue with redirects. As an example someone comes
> into a page that requires authorization but not https they get redirect
> to the login page as they should but the login page is no longer under
> https. I assume there is a setting I'm missing some place. Could someone
> point me in the right direction here. Thanks.
>  
> -Mike
>

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)
Reply | Threaded
Open this post in threaded view
|

RE: http redirect to https question.

Mike Baschky
Hi Mike,
        Thanks. I do have mu controller set up like this (different
login class of course). So when you try to login form say
http://yourofbiz.com/controller/non-secure-auth-page, you get redirected
to your main page and it's under https - correct? When I do this I get
sent to my login page but it's under http?? Is there another file I need
to update? Thanks.

-Mike

-----Original Message-----
From: Michael Jensen [mailto:[hidden email]]
Sent: Friday, August 31, 2007 9:40 AM
To: [hidden email]
Subject: Re: http redirect to https question.

Make sure that you have https="true" set for the request map.  This is
set in WEB-INF/controller.xml

Here is what mine looks like:
    <request-map uri="login">
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.eearner.control.LoginWorker"
invoke="login"/>
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>

This works for my login links from non-https pages.

Mike


Mike Baschky wrote:
> Hello,
>     Say I'm having an issue with http to https redirect in ofbiz v4. I

> have https working fine for the login and a couple of other pages,
> however, I'm having an issue with redirects. As an example someone
> comes into a page that requires authorization but not https they get
> redirect to the login page as they should but the login page is no
> longer under https. I assume there is a setting I'm missing some
> place. Could someone point me in the right direction here. Thanks.
>  
> -Mike
>

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)
Reply | Threaded
Open this post in threaded view
|

Re: http redirect to https question.

Michael Jensen-5
I was mistaken on the section of my config file I sent previously.  I
use checkLogin not login

When I go to the page:
http://yourofbiz.com/myapp/control/checkLogin/login
it instantly redirects to
https://yourofbiz.com/myapp/control/checkLogin/login

That section of controller.xml says:
    <request-map uri="checkLogin" edit="false">
        <description>Verify a user is logged in.</description>
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
invoke="checkLogin" />
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>

It doesn't seem much different from the login section I posted
previously.  I'm still pretty new to ofbiz, but everywhere that I've
specified https="true" in that file, it redirects to https for me.  The
version of ofbiz that I'm using is from svn a couple of months ago.
There may be another file that needs editing, but I can't find anything
else that I've changed.

Mike


Mike Baschky wrote:

> Hi Mike,
> Thanks. I do have mu controller set up like this (different
> login class of course). So when you try to login form say
> http://yourofbiz.com/controller/non-secure-auth-page, you get redirected
> to your main page and it's under https - correct? When I do this I get
> sent to my login page but it's under http?? Is there another file I need
> to update? Thanks.
>
> -Mike
>
> -----Original Message-----
> From: Michael Jensen [mailto:[hidden email]]
> Sent: Friday, August 31, 2007 9:40 AM
> To: [hidden email]
> Subject: Re: http redirect to https question.
>
> Make sure that you have https="true" set for the request map.  This is
> set in WEB-INF/controller.xml
>
> Here is what mine looks like:
>     <request-map uri="login">
>         <security https="true" auth="false"/>
>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
> invoke="login"/>
>         <response name="success" type="view" value="main"/>
>         <response name="error" type="view" value="login"/>
>     </request-map>
>
> This works for my login links from non-https pages.
>
> Mike
>
>
> Mike Baschky wrote:
>> Hello,
>>     Say I'm having an issue with http to https redirect in ofbiz v4. I
>
>> have https working fine for the login and a couple of other pages,
>> however, I'm having an issue with redirects. As an example someone
>> comes into a page that requires authorization but not https they get
>> redirect to the login page as they should but the login page is no
>> longer under https. I assume there is a setting I'm missing some
>> place. Could someone point me in the right direction here. Thanks.
>>  
>> -Mike
>>
>
> --
> Millcreek Systems, Inc.
> P.O. Box 9835
> Salt Lake City, Utah 84109
> Phone: 801.649.4903
> Skype: millcreeksys (http://millcreeksys.com/skype/)

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)
Reply | Threaded
Open this post in threaded view
|

RE: http redirect to https question.

Mike Baschky
Thanks Mike,
        This does work if I type in the whole url with check login but
for some reason ofbiz is not rewriting my url to use checkLogin. I guess
I'm still confused on how ofbiz is doing its redirects. Thanks again for
the information.

-Mike

-----Original Message-----
From: Michael Jensen [mailto:[hidden email]]
Sent: Friday, August 31, 2007 10:24 AM
To: [hidden email]
Subject: Re: http redirect to https question.

I was mistaken on the section of my config file I sent previously.  I
use checkLogin not login

When I go to the page:
http://yourofbiz.com/myapp/control/checkLogin/login
it instantly redirects to
https://yourofbiz.com/myapp/control/checkLogin/login

That section of controller.xml says:
    <request-map uri="checkLogin" edit="false">
        <description>Verify a user is logged in.</description>
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
invoke="checkLogin" />
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>

It doesn't seem much different from the login section I posted
previously.  I'm still pretty new to ofbiz, but everywhere that I've
specified https="true" in that file, it redirects to https for me.  The
version of ofbiz that I'm using is from svn a couple of months ago.
There may be another file that needs editing, but I can't find anything
else that I've changed.

Mike


Mike Baschky wrote:
> Hi Mike,
> Thanks. I do have mu controller set up like this (different
login
> class of course). So when you try to login form say
> http://yourofbiz.com/controller/non-secure-auth-page, you get
> redirected to your main page and it's under https - correct? When I do

> this I get sent to my login page but it's under http?? Is there
> another file I need to update? Thanks.
>
> -Mike
>
> -----Original Message-----
> From: Michael Jensen [mailto:[hidden email]]
> Sent: Friday, August 31, 2007 9:40 AM
> To: [hidden email]
> Subject: Re: http redirect to https question.
>
> Make sure that you have https="true" set for the request map.  This is

> set in WEB-INF/controller.xml
>
> Here is what mine looks like:
>     <request-map uri="login">
>         <security https="true" auth="false"/>
>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
> invoke="login"/>
>         <response name="success" type="view" value="main"/>
>         <response name="error" type="view" value="login"/>
>     </request-map>
>
> This works for my login links from non-https pages.
>
> Mike
>
>
> Mike Baschky wrote:
>> Hello,
>>     Say I'm having an issue with http to https redirect in ofbiz v4.
>> I
>
>> have https working fine for the login and a couple of other pages,
>> however, I'm having an issue with redirects. As an example someone
>> comes into a page that requires authorization but not https they get
>> redirect to the login page as they should but the login page is no
>> longer under https. I assume there is a setting I'm missing some
>> place. Could someone point me in the right direction here. Thanks.
>>  
>> -Mike
>>
>
> --
> Millcreek Systems, Inc.
> P.O. Box 9835
> Salt Lake City, Utah 84109
> Phone: 801.649.4903
> Skype: millcreeksys (http://millcreeksys.com/skype/)

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)
Reply | Threaded
Open this post in threaded view
|

Re: http redirect to https question.

Michael Jensen-5
Here's the snippet of code I use to generate the login links:

You must <a
href="<@ofbizUrl>${checkLoginUrl}</@ofbizUrl>">${uiLabelMap.CommonLogin}</a>
to continue.

Mike


Mike Baschky wrote:

> Thanks Mike,
> This does work if I type in the whole url with check login but
> for some reason ofbiz is not rewriting my url to use checkLogin. I guess
> I'm still confused on how ofbiz is doing its redirects. Thanks again for
> the information.
>
> -Mike
>
> -----Original Message-----
> From: Michael Jensen [mailto:[hidden email]]
> Sent: Friday, August 31, 2007 10:24 AM
> To: [hidden email]
> Subject: Re: http redirect to https question.
>
> I was mistaken on the section of my config file I sent previously.  I
> use checkLogin not login
>
> When I go to the page:
> http://yourofbiz.com/myapp/control/checkLogin/login
> it instantly redirects to
> https://yourofbiz.com/myapp/control/checkLogin/login
>
> That section of controller.xml says:
>     <request-map uri="checkLogin" edit="false">
>         <description>Verify a user is logged in.</description>
>         <security https="true" auth="false"/>
>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
> invoke="checkLogin" />
>         <response name="success" type="view" value="main"/>
>         <response name="error" type="view" value="login"/>
>     </request-map>
>
> It doesn't seem much different from the login section I posted
> previously.  I'm still pretty new to ofbiz, but everywhere that I've
> specified https="true" in that file, it redirects to https for me.  The
> version of ofbiz that I'm using is from svn a couple of months ago.
> There may be another file that needs editing, but I can't find anything
> else that I've changed.
>
> Mike
>
>
> Mike Baschky wrote:
>> Hi Mike,
>> Thanks. I do have mu controller set up like this (different
> login
>> class of course). So when you try to login form say
>> http://yourofbiz.com/controller/non-secure-auth-page, you get
>> redirected to your main page and it's under https - correct? When I do
>
>> this I get sent to my login page but it's under http?? Is there
>> another file I need to update? Thanks.
>>
>> -Mike
>>
>> -----Original Message-----
>> From: Michael Jensen [mailto:[hidden email]]
>> Sent: Friday, August 31, 2007 9:40 AM
>> To: [hidden email]
>> Subject: Re: http redirect to https question.
>>
>> Make sure that you have https="true" set for the request map.  This is
>
>> set in WEB-INF/controller.xml
>>
>> Here is what mine looks like:
>>     <request-map uri="login">
>>         <security https="true" auth="false"/>
>>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
>> invoke="login"/>
>>         <response name="success" type="view" value="main"/>
>>         <response name="error" type="view" value="login"/>
>>     </request-map>
>>
>> This works for my login links from non-https pages.
>>
>> Mike
>>
>>
>> Mike Baschky wrote:
>>> Hello,
>>>     Say I'm having an issue with http to https redirect in ofbiz v4.
>>> I
>>> have https working fine for the login and a couple of other pages,
>>> however, I'm having an issue with redirects. As an example someone
>>> comes into a page that requires authorization but not https they get
>>> redirect to the login page as they should but the login page is no
>>> longer under https. I assume there is a setting I'm missing some
>>> place. Could someone point me in the right direction here. Thanks.
>>>  
>>> -Mike
>>>
>> --
>> Millcreek Systems, Inc.
>> P.O. Box 9835
>> Salt Lake City, Utah 84109
>> Phone: 801.649.4903
>> Skype: millcreeksys (http://millcreeksys.com/skype/)
>
> --
> Millcreek Systems, Inc.
> P.O. Box 9835
> Salt Lake City, Utah 84109
> Phone: 801.649.4903
> Skype: millcreeksys (http://millcreeksys.com/skype/)

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)
Reply | Threaded
Open this post in threaded view
|

RE: http redirect to https question.

Mike Baschky
Thank you. I see what you are doing you have an actual href in a page. I
guess what I'm trying to understand is if a user types in a url for a
secure location they are redirected to the login page to authenticate
and after successful authentication they are allowed to enter the site
at the given url. My login page is suppose to be under https but this
apparently get's circumvented by the redirecting going on in ofbiz.
Thanks again for your help.

-----Original Message-----
From: Michael Jensen [mailto:[hidden email]]
Sent: Friday, August 31, 2007 1:22 PM
To: [hidden email]
Subject: Re: http redirect to https question.

Here's the snippet of code I use to generate the login links:

You must <a
href="<@ofbizUrl>${checkLoginUrl}</@ofbizUrl>">${uiLabelMap.CommonLogin}
</a>
to continue.

Mike


Mike Baschky wrote:
> Thanks Mike,
> This does work if I type in the whole url with check login but
for

> some reason ofbiz is not rewriting my url to use checkLogin. I guess
> I'm still confused on how ofbiz is doing its redirects. Thanks again
> for the information.
>
> -Mike
>
> -----Original Message-----
> From: Michael Jensen [mailto:[hidden email]]
> Sent: Friday, August 31, 2007 10:24 AM
> To: [hidden email]
> Subject: Re: http redirect to https question.
>
> I was mistaken on the section of my config file I sent previously.  I
> use checkLogin not login
>
> When I go to the page:
> http://yourofbiz.com/myapp/control/checkLogin/login
> it instantly redirects to
> https://yourofbiz.com/myapp/control/checkLogin/login
>
> That section of controller.xml says:
>     <request-map uri="checkLogin" edit="false">
>         <description>Verify a user is logged in.</description>
>         <security https="true" auth="false"/>
>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
> invoke="checkLogin" />
>         <response name="success" type="view" value="main"/>
>         <response name="error" type="view" value="login"/>
>     </request-map>
>
> It doesn't seem much different from the login section I posted
> previously.  I'm still pretty new to ofbiz, but everywhere that I've
> specified https="true" in that file, it redirects to https for me.  
> The version of ofbiz that I'm using is from svn a couple of months
ago.

> There may be another file that needs editing, but I can't find
> anything else that I've changed.
>
> Mike
>
>
> Mike Baschky wrote:
>> Hi Mike,
>> Thanks. I do have mu controller set up like this (different
> login
>> class of course). So when you try to login form say
>> http://yourofbiz.com/controller/non-secure-auth-page, you get
>> redirected to your main page and it's under https - correct? When I
>> do
>
>> this I get sent to my login page but it's under http?? Is there
>> another file I need to update? Thanks.
>>
>> -Mike
>>
>> -----Original Message-----
>> From: Michael Jensen [mailto:[hidden email]]
>> Sent: Friday, August 31, 2007 9:40 AM
>> To: [hidden email]
>> Subject: Re: http redirect to https question.
>>
>> Make sure that you have https="true" set for the request map.  This
>> is
>
>> set in WEB-INF/controller.xml
>>
>> Here is what mine looks like:
>>     <request-map uri="login">
>>         <security https="true" auth="false"/>
>>         <event type="java" path="org.ofbiz.myapp.control.LoginWorker"
>> invoke="login"/>
>>         <response name="success" type="view" value="main"/>
>>         <response name="error" type="view" value="login"/>
>>     </request-map>
>>
>> This works for my login links from non-https pages.
>>
>> Mike
>>
>>
>> Mike Baschky wrote:
>>> Hello,
>>>     Say I'm having an issue with http to https redirect in ofbiz v4.

>>> I
>>> have https working fine for the login and a couple of other pages,
>>> however, I'm having an issue with redirects. As an example someone
>>> comes into a page that requires authorization but not https they get

>>> redirect to the login page as they should but the login page is no
>>> longer under https. I assume there is a setting I'm missing some
>>> place. Could someone point me in the right direction here. Thanks.
>>>  
>>> -Mike
>>>
>> --
>> Millcreek Systems, Inc.
>> P.O. Box 9835
>> Salt Lake City, Utah 84109
>> Phone: 801.649.4903
>> Skype: millcreeksys (http://millcreeksys.com/skype/)
>
> --
> Millcreek Systems, Inc.
> P.O. Box 9835
> Salt Lake City, Utah 84109
> Phone: 801.649.4903
> Skype: millcreeksys (http://millcreeksys.com/skype/)

--
Millcreek Systems, Inc.
P.O. Box 9835
Salt Lake City, Utah 84109
Phone: 801.649.4903
Skype: millcreeksys (http://millcreeksys.com/skype/)