JSF redirects from HTTPS to HTTP

Question

I have my application on a test server being executed exclusively over https. When I navigate without redirecting, it works perfectly:

Example:

Answer 1

Another solution is to set

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443

on the VirtualHost in Apache.

JSF will then know that the redirect should be to a HTTPS connection and no code changes are required.

I have used this with Apache and Wildfly.

Answer 2

I found a solution for this issue. I think it is happening because Apache receives the https connection and forwards for JBoss via http. Then when I redirect to another page, JSF doesn't know that it should be made via https.

With a ConfigurableNavigationHandler I can intercept when it is redirected and mount the correct URL.

public class NavigationHandler extends ConfigurableNavigationHandler {

    private ConfigurableNavigationHandler concreteHandler;

    public NavigationHandler(ConfigurableNavigationHandler concreteHandler) {
        this.concreteHandler = concreteHandler;
    }

    @Override
    public void handleNavigation(FacesContext context, String fromAction, String outcome) {
        if (outcome != null && outcome.contains("faces-redirect=true")) {
            try {
                outcome = "https://server.com/project" + outcome;
                context.getExternalContext().redirect( outcome );
            } catch (IOException e) {
                throw new FacesException(e);
            }
        } else {
            concreteHandler.handleNavigation(context, fromAction, outcome);   
        }
    }
}

in faces-config.xml:

<application>
    <navigation-handler>com.example.NavigationHandler</navigation-handler>
</application>