April 1, 2020

How to make Instances SSL context aware in CQ/AEM

Use Case:
Most of the time we terminate SSL on the load balancer or at the dispatcher, and communication with publish happens over http. In this case the publish server is often not SSL aware, and any request-specific operation (for example a relative path redirect or link rewriting) happens over http. For example, if you do something like response.sendRedirect("/somepath") on the server, it will be redirected to http://server-name/somepath, and request.isSecure() will return false. Operations like externalizer.externalLink(resolver, "mydomain", "/my/page") + ".html"; will also return the http version of the link.

Solution:
Option 1:
Let all links be http and then force a redirect on the dispatcher or load balancer. For the dispatcher, the rule can be as simple as this:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,R=301]

Issues:
Not SEO friendly (unless it is a relative link).
Cannot be embedded as a portlet or iframe (cross-site include error) over https.

Option 2:
Use the SSL filter from Felix HTTP services: http://felix.apache.org/documentation/subprojects/apache-felix-http-service.html#using-the-ssl-filter

If the filter is configured, it looks for the header named in its configuration. If the header value matches the configured value, the context on publish is considered secure and request.isSecure() will return true.



In the above case, if X-Forwarded-SSL is present with the value on, then the servlet context is secure.
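
The header check described above, sketched as a plain servlet filter. This is an added example, not the Felix SSL filter's source and not code from the original post; the class name ForwardedSslFilter is hypothetical, the javax.servlet API is assumed, and the header name and value are the ones from the post.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical class: illustrates the mechanism only, not the Felix implementation.
public class ForwardedSslFilter implements Filter {
    // Header name and expected value taken from the post's example.
    private static final String HEADER = "X-Forwarded-SSL";
    private static final String SECURE_VALUE = "on";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The header is trusted as-is, so the SSL-terminating proxy must set it
        // itself and drop any copy sent by the client.
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            if (SECURE_VALUE.equalsIgnoreCase(http.getHeader(HEADER))) {
                req = new SecureRequest(http);
            }
        }
        chain.doFilter(req, res);
    }

    // Wrapper that reports the request as HTTPS to downstream servlets and
    // components; redirects built by the container itself are not covered here.
    private static final class SecureRequest extends HttpServletRequestWrapper {
        SecureRequest(HttpServletRequest request) { super(request); }

        @Override public boolean isSecure() { return true; }
        @Override public String getScheme() { return "https"; }
    }
}
```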

Note: This might not work in the latest CQ version. You can build your own version from trunk https://github.com/apache/felix/tree/trunk/http/sslfilter or from http://svn.apache.org/repos/asf/felix/trunk/http/sslfilter/

A working version of the file can be downloaded from here


By aem4beginner
