I am planning to add an optional HTTPS filter for the authentication filter chains. If this filter is active, an incoming HTTP request should be redirected to an HTTPS request.
Example:
http://my.geoserver.org/goeserver?service=wms&request=getCapabilites
is redirected to
https://my.geoserver.org/goeserver?service=wms&request=getCapabilites
I am unsure how to deal with a reverse proxy.
The client sends to the proxy
http://my.geoserver.org/goeserver?service=wms&request=getCapabilites
The proxy forwards
http://my.geoserver.local/goeserver?service=wms&request=getCapabilites
Geoserver sends a redirect
https://my.geoserver.local/goeserver?service=wms&request=getCapabilites
This URL is useless for the client. I know proxies which can handle redirects, the proxy sends back a redirect with
https://my.geoserver.org/goeserver?service=wms&request=getCapabilites
Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.
Thanks
On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:
Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.
We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:
ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)
Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug
Cheers
Andrea
–
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
On Mon, Jan 14, 2013 at 10:54 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:
On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:
Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.
We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:
ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)
Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug
Forgot to add, one of the URL manglers is responsible for applying the “proxy base url”
Cheers
Andrea
–
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
Nice, a singleton filter object should be sufficient and activation is done by a check box.
Thanks
2013/1/14 Andrea Aime <andrea.aime@anonymised.com>
On Mon, Jan 14, 2013 at 10:54 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:
On Mon, Jan 14, 2013 at 10:46 AM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:
Should we rely on this fact ?. Or is it better to give the optional possibility to configure the external geoserver url up to the context root ( https://**my.geoserver.org/**goeserver) and the filter calculates the full external URL itself.
We already have the configuration of the external URL, it’s called “Proxy base URL”.
Every URL generated by GeoServer for client consumption must be processed
via URLManglers, which happens when calling:
ResponseUtils.buildURL(String baseURL, String path, Map<String, String> kvp, URLType type)
Failure to call the above method when creating a URL that a client will get back
from GeoServer is a bug
Forgot to add, one of the URL manglers is responsible for applying the “proxy base url”
Cheers
Andrea
–
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it