JSF + Prettyfaces, Force login page to redirect to https

Splash Forums PrettyFaces Users JSF + Prettyfaces, Force login page to redirect to https

This topic contains 8 replies, has 3 voices, and was last updated by  Lincoln Baxter III 5 years ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #18356

    nicmon
    Participant

    Hello,

    I already use Prettyfaces in my project. Now I want to force my login page to always redirect to a https page. is this something that I can realize using a Prettyfaces rule? Thank you.

    #22519

    Yes, you can do this using a PrettyFaces rewrite processor:

    http://ocpsoft.org/docs/prettyfaces/snapshot/en-US/html/inbound_rewriting.html#inbound_rewriting.options

    You can also do this easily using the OCPsoft Rewrite framework: http://ocpsoft.org/rewrite/

    .defineRule().when(Path.matches("/login").and(Scheme.matches("http"))).perform(Redirect.temporary("https://server.com/login"))

    The server URL can be built dynamically as well, but we’ll need to add a few features to make that easier.

    You can also do this using your own rule:

    .addRule(new RuleBase() { ... define the behavior directly ... })

    #22520

    What do you think? Options for making this better in Rewrite:

    https://gist.github.com/2673529

    Opinions?

    #22521

    Hey Lincoln,

    I don’t like the first shorthand option because it doesn’t allow to distinguish between permanent and temporary redirects any more.

    The second option looks nicer. But I’m not sure if the captureIn() is a bit “too much”. What about if the “URL building” is done by a separate class. Something like this:

    .defineRule()
    .when(Path.matches("/login").and(Scheme.matches("http")))
    .perform(Redirect.temporary(CurrentURL.toScheme("https"))

    or with the capturing:

    .defineRule()
    .when(URL.captureIn("url").and(Path.matches("/login")).and(Scheme.matches("http")))
    .perform(Redirect.permanent(URL.capturedWith("url").toScheme("https")))

    #22522

    Hmmm…

    Yeah, I think we need some kind of API for interacting with various parts of the request or URL in an Operation, like a way to build an manipulation into an operation input.

    #22523

    Yeah, I agree. I think it makes sense to separate the manipulation from the actual operation. Although I’m not sure there are so many cases except for redirects where that URL has to be manipulated. Perhaps forwards, but is there more?

    #22524

    Hm, not really sure. We’ll need to play around with this.

    #22525

    I created an issue for tracking this idea:

    https://github.com/ocpsoft/rewrite/issues/55

    #22526

    Marking this issue as resolved as there are several ways to do this, just not necessarily the nicest. We’ll track this feature in Issue 55. Thanks! Please feel free to comment or ask more questions.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Comments are closed.