SSL Interceptor Problem (revisted)

I posed this problem yesterday, and Brad was very helpful. Thought I had it nailed, but it still isn’t working right and I’m hoping someone can point me in the right direction.

Here is the scenario and problem definition, starting with how it should work:

  1. SSL Interceptor which check the setting “requireSSL”

  2. If requireSSL=true and we are not in SSL mode, a redirect URL will be created using the event.buildLink(event.getCurrentRoutedURL())

  3. As part of this system includes RESTful Web services, if the cgi.path_info does not begin with /api/, a redirect to the HTTPS version of the page is issued.

Note that the request decorator has been extended so that the default for SSL will be TRUE, if the requireSSL in coldbox.cfc is true.

The SSLInterceptor is defined on the event of afterHandlerCreation, as I needed access to the event.getCurrentRoutedURL() information for the redirect. This may not be the right intercept point.

Lastly, the problem I am having is that on fwreinit=true, using HTTP, I am getting a redirect loop. If I fwreinit=true using HTTPS, after init, I can attempt to go to the HTTP version of the page, and I will be successfully redirected to the HTTPS version.

In a word, I’m stumped. This all works great in 2.6, but I can’t seem to replicate the solution in CB 3.

Thanks in advance for any suggestions.

Kevin S. Anderson

Superlative Solutions, Inc.