Hello,
Say I'm having an issue with http to https redirect in ofbiz v4. I have https working fine for the login and a couple of other pages, however, I'm having an issue with redirects. As an example someone comes into a page that requires authorization but not https they get redirect to the login page as they should but the login page is no longer under https. I assume there is a setting I'm missing some place. Could someone point me in the right direction here. Thanks. -Mike |
Make sure that you have https="true" set for the request map. This is
set in WEB-INF/controller.xml Here is what mine looks like: <request-map uri="login"> <security https="true" auth="false"/> <event type="java" path="org.ofbiz.eearner.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> This works for my login links from non-https pages. Mike Mike Baschky wrote: > Hello, > Say I'm having an issue with http to https redirect in ofbiz v4. I > have https working fine for the login and a couple of other pages, > however, I'm having an issue with redirects. As an example someone comes > into a page that requires authorization but not https they get redirect > to the login page as they should but the login page is no longer under > https. I assume there is a setting I'm missing some place. Could someone > point me in the right direction here. Thanks. > > -Mike > -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
Hi Mike,
Thanks. I do have mu controller set up like this (different login class of course). So when you try to login form say http://yourofbiz.com/controller/non-secure-auth-page, you get redirected to your main page and it's under https - correct? When I do this I get sent to my login page but it's under http?? Is there another file I need to update? Thanks. -Mike -----Original Message----- From: Michael Jensen [mailto:[hidden email]] Sent: Friday, August 31, 2007 9:40 AM To: [hidden email] Subject: Re: http redirect to https question. Make sure that you have https="true" set for the request map. This is set in WEB-INF/controller.xml Here is what mine looks like: <request-map uri="login"> <security https="true" auth="false"/> <event type="java" path="org.ofbiz.eearner.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> This works for my login links from non-https pages. Mike Mike Baschky wrote: > Hello, > Say I'm having an issue with http to https redirect in ofbiz v4. I > have https working fine for the login and a couple of other pages, > however, I'm having an issue with redirects. As an example someone > comes into a page that requires authorization but not https they get > redirect to the login page as they should but the login page is no > longer under https. I assume there is a setting I'm missing some > place. Could someone point me in the right direction here. Thanks. > > -Mike > -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
I was mistaken on the section of my config file I sent previously. I
use checkLogin not login When I go to the page: http://yourofbiz.com/myapp/control/checkLogin/login it instantly redirects to https://yourofbiz.com/myapp/control/checkLogin/login That section of controller.xml says: <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> <event type="java" path="org.ofbiz.myapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> It doesn't seem much different from the login section I posted previously. I'm still pretty new to ofbiz, but everywhere that I've specified https="true" in that file, it redirects to https for me. The version of ofbiz that I'm using is from svn a couple of months ago. There may be another file that needs editing, but I can't find anything else that I've changed. Mike Mike Baschky wrote: > Hi Mike, > Thanks. I do have mu controller set up like this (different > login class of course). So when you try to login form say > http://yourofbiz.com/controller/non-secure-auth-page, you get redirected > to your main page and it's under https - correct? When I do this I get > sent to my login page but it's under http?? Is there another file I need > to update? Thanks. > > -Mike > > -----Original Message----- > From: Michael Jensen [mailto:[hidden email]] > Sent: Friday, August 31, 2007 9:40 AM > To: [hidden email] > Subject: Re: http redirect to https question. > > Make sure that you have https="true" set for the request map. This is > set in WEB-INF/controller.xml > > Here is what mine looks like: > <request-map uri="login"> > <security https="true" auth="false"/> > <event type="java" path="org.ofbiz.myapp.control.LoginWorker" > invoke="login"/> > <response name="success" type="view" value="main"/> > <response name="error" type="view" value="login"/> > </request-map> > > This works for my login links from non-https pages. > > Mike > > > Mike Baschky wrote: >> Hello, >> Say I'm having an issue with http to https redirect in ofbiz v4. I > >> have https working fine for the login and a couple of other pages, >> however, I'm having an issue with redirects. As an example someone >> comes into a page that requires authorization but not https they get >> redirect to the login page as they should but the login page is no >> longer under https. I assume there is a setting I'm missing some >> place. Could someone point me in the right direction here. Thanks. >> >> -Mike >> > > -- > Millcreek Systems, Inc. > P.O. Box 9835 > Salt Lake City, Utah 84109 > Phone: 801.649.4903 > Skype: millcreeksys (http://millcreeksys.com/skype/) -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
Thanks Mike,
This does work if I type in the whole url with check login but for some reason ofbiz is not rewriting my url to use checkLogin. I guess I'm still confused on how ofbiz is doing its redirects. Thanks again for the information. -Mike -----Original Message----- From: Michael Jensen [mailto:[hidden email]] Sent: Friday, August 31, 2007 10:24 AM To: [hidden email] Subject: Re: http redirect to https question. I was mistaken on the section of my config file I sent previously. I use checkLogin not login When I go to the page: http://yourofbiz.com/myapp/control/checkLogin/login it instantly redirects to https://yourofbiz.com/myapp/control/checkLogin/login That section of controller.xml says: <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> <event type="java" path="org.ofbiz.myapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> It doesn't seem much different from the login section I posted previously. I'm still pretty new to ofbiz, but everywhere that I've specified https="true" in that file, it redirects to https for me. The version of ofbiz that I'm using is from svn a couple of months ago. There may be another file that needs editing, but I can't find anything else that I've changed. Mike Mike Baschky wrote: > Hi Mike, > Thanks. I do have mu controller set up like this (different login > class of course). So when you try to login form say > http://yourofbiz.com/controller/non-secure-auth-page, you get > redirected to your main page and it's under https - correct? When I do > this I get sent to my login page but it's under http?? Is there > another file I need to update? Thanks. > > -Mike > > -----Original Message----- > From: Michael Jensen [mailto:[hidden email]] > Sent: Friday, August 31, 2007 9:40 AM > To: [hidden email] > Subject: Re: http redirect to https question. > > Make sure that you have https="true" set for the request map. This is > set in WEB-INF/controller.xml > > Here is what mine looks like: > <request-map uri="login"> > <security https="true" auth="false"/> > <event type="java" path="org.ofbiz.myapp.control.LoginWorker" > invoke="login"/> > <response name="success" type="view" value="main"/> > <response name="error" type="view" value="login"/> > </request-map> > > This works for my login links from non-https pages. > > Mike > > > Mike Baschky wrote: >> Hello, >> Say I'm having an issue with http to https redirect in ofbiz v4. >> I > >> have https working fine for the login and a couple of other pages, >> however, I'm having an issue with redirects. As an example someone >> comes into a page that requires authorization but not https they get >> redirect to the login page as they should but the login page is no >> longer under https. I assume there is a setting I'm missing some >> place. Could someone point me in the right direction here. Thanks. >> >> -Mike >> > > -- > Millcreek Systems, Inc. > P.O. Box 9835 > Salt Lake City, Utah 84109 > Phone: 801.649.4903 > Skype: millcreeksys (http://millcreeksys.com/skype/) -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
Here's the snippet of code I use to generate the login links:
You must <a href="<@ofbizUrl>${checkLoginUrl}</@ofbizUrl>">${uiLabelMap.CommonLogin}</a> to continue. Mike Mike Baschky wrote: > Thanks Mike, > This does work if I type in the whole url with check login but > for some reason ofbiz is not rewriting my url to use checkLogin. I guess > I'm still confused on how ofbiz is doing its redirects. Thanks again for > the information. > > -Mike > > -----Original Message----- > From: Michael Jensen [mailto:[hidden email]] > Sent: Friday, August 31, 2007 10:24 AM > To: [hidden email] > Subject: Re: http redirect to https question. > > I was mistaken on the section of my config file I sent previously. I > use checkLogin not login > > When I go to the page: > http://yourofbiz.com/myapp/control/checkLogin/login > it instantly redirects to > https://yourofbiz.com/myapp/control/checkLogin/login > > That section of controller.xml says: > <request-map uri="checkLogin" edit="false"> > <description>Verify a user is logged in.</description> > <security https="true" auth="false"/> > <event type="java" path="org.ofbiz.myapp.control.LoginWorker" > invoke="checkLogin" /> > <response name="success" type="view" value="main"/> > <response name="error" type="view" value="login"/> > </request-map> > > It doesn't seem much different from the login section I posted > previously. I'm still pretty new to ofbiz, but everywhere that I've > specified https="true" in that file, it redirects to https for me. The > version of ofbiz that I'm using is from svn a couple of months ago. > There may be another file that needs editing, but I can't find anything > else that I've changed. > > Mike > > > Mike Baschky wrote: >> Hi Mike, >> Thanks. I do have mu controller set up like this (different > login >> class of course). So when you try to login form say >> http://yourofbiz.com/controller/non-secure-auth-page, you get >> redirected to your main page and it's under https - correct? When I do > >> this I get sent to my login page but it's under http?? Is there >> another file I need to update? Thanks. >> >> -Mike >> >> -----Original Message----- >> From: Michael Jensen [mailto:[hidden email]] >> Sent: Friday, August 31, 2007 9:40 AM >> To: [hidden email] >> Subject: Re: http redirect to https question. >> >> Make sure that you have https="true" set for the request map. This is > >> set in WEB-INF/controller.xml >> >> Here is what mine looks like: >> <request-map uri="login"> >> <security https="true" auth="false"/> >> <event type="java" path="org.ofbiz.myapp.control.LoginWorker" >> invoke="login"/> >> <response name="success" type="view" value="main"/> >> <response name="error" type="view" value="login"/> >> </request-map> >> >> This works for my login links from non-https pages. >> >> Mike >> >> >> Mike Baschky wrote: >>> Hello, >>> Say I'm having an issue with http to https redirect in ofbiz v4. >>> I >>> have https working fine for the login and a couple of other pages, >>> however, I'm having an issue with redirects. As an example someone >>> comes into a page that requires authorization but not https they get >>> redirect to the login page as they should but the login page is no >>> longer under https. I assume there is a setting I'm missing some >>> place. Could someone point me in the right direction here. Thanks. >>> >>> -Mike >>> >> -- >> Millcreek Systems, Inc. >> P.O. Box 9835 >> Salt Lake City, Utah 84109 >> Phone: 801.649.4903 >> Skype: millcreeksys (http://millcreeksys.com/skype/) > > -- > Millcreek Systems, Inc. > P.O. Box 9835 > Salt Lake City, Utah 84109 > Phone: 801.649.4903 > Skype: millcreeksys (http://millcreeksys.com/skype/) -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
Thank you. I see what you are doing you have an actual href in a page. I
guess what I'm trying to understand is if a user types in a url for a secure location they are redirected to the login page to authenticate and after successful authentication they are allowed to enter the site at the given url. My login page is suppose to be under https but this apparently get's circumvented by the redirecting going on in ofbiz. Thanks again for your help. -----Original Message----- From: Michael Jensen [mailto:[hidden email]] Sent: Friday, August 31, 2007 1:22 PM To: [hidden email] Subject: Re: http redirect to https question. Here's the snippet of code I use to generate the login links: You must <a href="<@ofbizUrl>${checkLoginUrl}</@ofbizUrl>">${uiLabelMap.CommonLogin} </a> to continue. Mike Mike Baschky wrote: > Thanks Mike, > This does work if I type in the whole url with check login but for > some reason ofbiz is not rewriting my url to use checkLogin. I guess > I'm still confused on how ofbiz is doing its redirects. Thanks again > for the information. > > -Mike > > -----Original Message----- > From: Michael Jensen [mailto:[hidden email]] > Sent: Friday, August 31, 2007 10:24 AM > To: [hidden email] > Subject: Re: http redirect to https question. > > I was mistaken on the section of my config file I sent previously. I > use checkLogin not login > > When I go to the page: > http://yourofbiz.com/myapp/control/checkLogin/login > it instantly redirects to > https://yourofbiz.com/myapp/control/checkLogin/login > > That section of controller.xml says: > <request-map uri="checkLogin" edit="false"> > <description>Verify a user is logged in.</description> > <security https="true" auth="false"/> > <event type="java" path="org.ofbiz.myapp.control.LoginWorker" > invoke="checkLogin" /> > <response name="success" type="view" value="main"/> > <response name="error" type="view" value="login"/> > </request-map> > > It doesn't seem much different from the login section I posted > previously. I'm still pretty new to ofbiz, but everywhere that I've > specified https="true" in that file, it redirects to https for me. > The version of ofbiz that I'm using is from svn a couple of months > There may be another file that needs editing, but I can't find > anything else that I've changed. > > Mike > > > Mike Baschky wrote: >> Hi Mike, >> Thanks. I do have mu controller set up like this (different > login >> class of course). So when you try to login form say >> http://yourofbiz.com/controller/non-secure-auth-page, you get >> redirected to your main page and it's under https - correct? When I >> do > >> this I get sent to my login page but it's under http?? Is there >> another file I need to update? Thanks. >> >> -Mike >> >> -----Original Message----- >> From: Michael Jensen [mailto:[hidden email]] >> Sent: Friday, August 31, 2007 9:40 AM >> To: [hidden email] >> Subject: Re: http redirect to https question. >> >> Make sure that you have https="true" set for the request map. This >> is > >> set in WEB-INF/controller.xml >> >> Here is what mine looks like: >> <request-map uri="login"> >> <security https="true" auth="false"/> >> <event type="java" path="org.ofbiz.myapp.control.LoginWorker" >> invoke="login"/> >> <response name="success" type="view" value="main"/> >> <response name="error" type="view" value="login"/> >> </request-map> >> >> This works for my login links from non-https pages. >> >> Mike >> >> >> Mike Baschky wrote: >>> Hello, >>> Say I'm having an issue with http to https redirect in ofbiz v4. >>> I >>> have https working fine for the login and a couple of other pages, >>> however, I'm having an issue with redirects. As an example someone >>> comes into a page that requires authorization but not https they get >>> redirect to the login page as they should but the login page is no >>> longer under https. I assume there is a setting I'm missing some >>> place. Could someone point me in the right direction here. Thanks. >>> >>> -Mike >>> >> -- >> Millcreek Systems, Inc. >> P.O. Box 9835 >> Salt Lake City, Utah 84109 >> Phone: 801.649.4903 >> Skype: millcreeksys (http://millcreeksys.com/skype/) > > -- > Millcreek Systems, Inc. > P.O. Box 9835 > Salt Lake City, Utah 84109 > Phone: 801.649.4903 > Skype: millcreeksys (http://millcreeksys.com/skype/) -- Millcreek Systems, Inc. P.O. Box 9835 Salt Lake City, Utah 84109 Phone: 801.649.4903 Skype: millcreeksys (http://millcreeksys.com/skype/) |
Free forum by Nabble | Edit this page |