[Geoserver-devel] Redirecting an HTTP request to an HTTPS request

I am planning to add an optional HTTPS filter for the authentication filter chains. If this filter is active, an incoming HTTP request should be redirected to an HTTPS request.

Example:

http://my.geoserver.org/goeserver?service=wms&request=getCapabilites

is redirected to

https://my.geoserver.org/goeserver?service=wms&request=getCapabilites


I am unsure how to deal with a reverse proxy.

The client sends to the proxy

http://my.geoserver.org/goeserver?service=wms&request=getCapabilites

The proxy forwards

http://my.geoserver.local/goeserver?service=wms&request=getCapabilites

Geoserver sends a redirect

https://my.geoserver.local/goeserver?service=wms&request=getCapabilites

This URL is useless for the client. I know proxies which can handle redirects, the proxy sends back a redirect with

https://my.geoserver.org/goeserver?service=wms&request=getCapabilites


Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.

Thanks

On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.

We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:

ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)

Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


On Mon, Jan 14, 2013 at 10:54 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.

We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:

ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)

Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug

Forgot to add, one of the URL manglers is responsible for applying the “proxy base url”

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Nice, a singleton filter object should be sufficient and activation is done by a check box.

Thanks

2013/1/14 Andrea Aime <andrea.aime@anonymised.com>

On Mon, Jan 14, 2013 at 10:54 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.

We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:

ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)

Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug

Forgot to add, one of the URL manglers is responsible for applying the “proxy base url”

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it