Foros de discusión

bridge / jsf / secure="true"

andreas kehl, modificado hace 10 años.

bridge / jsf / secure="true"

New Member Mensajes: 17 Fecha de incorporación: 30/07/08 Mensajes recientes
I am using
liferay-portal-6.1.1-ce-ga2
liferay-faces-bridge-impl 3.1.2-ga3
primefaces 3.5.x

Portlets are installed behind loadbalancer (SSL offloading / proxy (do not yet exactly know what the proxy does))

The Portal "Owner" told me to use the following statement for forcing all actions to call / render https url's for POST calls instead of http:
(Incoming calls from proxy - portal are http due to ssl offloading)

<portlet:actionURL secure="true"/>

I do not see such an attribute neither in h: nor in p: (primefaces) tags

How to force jsf portlets to use https urls?

Is ist possible to configure it somwthere in liferay / bridge / portlet configuration?
thumbnail
Juan Gonzalez, modificado hace 10 años.

RE: bridge / jsf / secure="true"

Liferay Legend Mensajes: 3089 Fecha de incorporación: 28/10/08 Mensajes recientes
Hi Andreas,

please take a look at this properties and set accordingly in portal.ext.properties:

#
    # Set the HTTP and HTTPs ports when running the portal in a J2EE server that
    # is sitting behind another web server like Apache. Set the values to -1 if
    # the portal is not running behind another web server like Apache.
    #
    web.server.http.port=-1
    web.server.https.port=-1

    #
    # Set the hostname that will be used when the portlet generates URLs.
    # Leaving this blank will mean the host is derived from the servlet
    # container.
    #
    web.server.host=

    #
    # Set the preferred protocol.
    #
    #web.server.protocol=https
andreas kehl, modificado hace 10 años.

RE: bridge / jsf / secure="true"

New Member Mensajes: 17 Fecha de incorporación: 30/07/08 Mensajes recientes
Hi Juan,

thanks.

This configuration works for me

web.server.host=myhost.mydomain
web.server.https.port=8443
web.server.http.port=8443
web.server.protocol=https

My Setup
apache httpd with
- ssl offloading on port 8443
- reverse proxy
ProxyRequests Off
ProxyPass / http://192.168.3.107:8080/
ProxyPassReverse / http://192.168.3.107:8080

Liferay / tomcat listening on http / 8080 only
thumbnail
Juan Gonzalez, modificado hace 10 años.

RE: bridge / jsf / secure="true"

Liferay Legend Mensajes: 3089 Fecha de incorporación: 28/10/08 Mensajes recientes
Great news andreas!
andreas kehl, modificado hace 10 años.

RE: bridge / jsf / secure="true"

New Member Mensajes: 17 Fecha de incorporación: 30/07/08 Mensajes recientes
Problem was localy solved only - but not in the Productive Environment :-(

I was told, that other applications are allowed to access the portal by http.
(probably internal applications behind loadbalancer/SSL Offloadning) or even local calls from and to the portal)

The solution described in this thread (re)-writes all response urls / headers / html content to the configured values
https://myhost.mydomain:8443/...

That means
an allowed local access to the portal (according to my sample http://92.168.3.107:8080) does not work anymore. It will also write the https://... into its response.

Does someone know a simple (or complicated) solution for that problem?

Is it possible to "inject" that secure="true" attribute somehow in bridge / portlet part so liferay will recognise it?

Thanks

Andreas
thumbnail
Juan Gonzalez, modificado hace 10 años.

RE: bridge / jsf / secure="true"

Liferay Legend Mensajes: 3089 Fecha de incorporación: 28/10/08 Mensajes recientes
Hi andreas,

then maybe the solution would be that everybody in portal enter through your load balancer, and enable non-SSL (http) on it.

After that you could configure some rules in your Apache so depending the source IP, permit or not use http or https.

The problem here is that Liferay needs to know the protocol to use (http/https) by the requests, or fix it by some properties.
andreas kehl, modificado hace 10 años.

RE: bridge / jsf / secure="true"

New Member Mensajes: 17 Fecha de incorporación: 30/07/08 Mensajes recientes
I was told, that other applications are allowed to access the portal by http.


That information was not correct.

I proposed to modify
in PortalImpl.java method public String getPortalURL

PropsValues.WEB_SERVER_PROTOCOL is used for the protocol only - not for the (secure) Port.

Just dropped the if (!secure) { part
and handle everything as in if (secure) {

And now it works


public String getPortalURL(
String serverName, int serverPort, boolean secure) {

StringBundler sb = new StringBundler();

if (secure || Http.HTTPS.equals(PropsValues.WEB_SERVER_PROTOCOL)) {
sb.append(Http.HTTPS_WITH_SLASH);
}
else {
sb.append(Http.HTTP_WITH_SLASH);
}

if (Validator.isNull(PropsValues.WEB_SERVER_HOST)) {
sb.append(serverName);
}
else {
sb.append(PropsValues.WEB_SERVER_HOST);
}

if (!secure) {
if (PropsValues.WEB_SERVER_HTTP_PORT == -1) {
if ((serverPort != Http.HTTP_PORT) &&
(serverPort != Http.HTTPS_PORT)) {

sb.append(StringPool.COLON);
sb.append(serverPort);
}
}
else {
if (PropsValues.WEB_SERVER_HTTP_PORT != Http.HTTP_PORT) {
sb.append(StringPool.COLON);
sb.append(PropsValues.WEB_SERVER_HTTP_PORT);
}
}
}

if (secure) {
if (PropsValues.WEB_SERVER_HTTPS_PORT == -1) {
if ((serverPort != Http.HTTP_PORT) &&
(serverPort != Http.HTTPS_PORT)) {

sb.append(StringPool.COLON);
sb.append(serverPort);
}
}
else {
if (PropsValues.WEB_SERVER_HTTPS_PORT != Http.HTTPS_PORT) {
sb.append(StringPool.COLON);
sb.append(PropsValues.WEB_SERVER_HTTPS_PORT);
}
}
}

return sb.toString();
}
thumbnail
Juan Gonzalez, modificado hace 10 años.

RE: bridge / jsf / secure="true"

Liferay Legend Mensajes: 3089 Fecha de incorporación: 28/10/08 Mensajes recientes
I guess I got it.

Can you change your property:
web.server.http.port=8443

to the right value?
thumbnail
Juan Gonzalez, modificado hace 10 años.

RE: bridge / jsf / secure="true"

Liferay Legend Mensajes: 3089 Fecha de incorporación: 28/10/08 Mensajes recientes
Hi again andreas,

please set:

web.server.http.port=-1
web.server.https.port=-1


unless you are using non-standar ports in your proxy for http and https.