Fork me on GitHub

Secure Link Tutorial

This tutorial looks at configuring a specific link for a page to only be accessed via a secure channel (HTTPS).

The below example for this tutorial will implement a simple non-secure page to provide login credentials via a secure link. The simple page for this tutorial is as follows:

SecureLinkHttpServer screen shot.

Tutorial Source


The page template content is as follows. Please note the link in the form action.


		<form action="#{login}" method="POST">
			Username: <input type="text" name="username" /> <br />
			Password: <input type="password" name="password" />

		Other content of non-secure page.

Secure Link

To configure the link (form action) to always be communicated via a secure channel, the following is the configuration:

Secure Link configuration screen shot.

Adding the link and flagging it secure will ensure WoOF renders the link URL on the page to communicate over a secure channel (HTTPS). WoOF also prevents non-secure access to the link servicing by responding with a redirect to use a secure channel.

The configuration of links also works in reverse. Should the template be configured as secure, adding the link and leaving it unchecked indicates a non-secure link. Note that unless configured, links will follow the template secure setting.


The logic for the page is the following:

public class TemplateLogic {

	public static class LoginParameters implements Serializable {
		private static final long serialVersionUID = 1L;

		private String username;

		private String password;

	public void login(LoginParameters credentials, ServerHttpConnection connection) {

		// Confirm a secure connection (not needed but included for tutorial)
		if (!connection.isSecure()) {
			throw new IllegalStateException();

		// Logic for login


This tutorial shows sending information over a secure channel (HTTPS) from a non-secure page.

Unit Test

The unit test demonstrates the rendering of the secure link.

public class SecureLinkHttpServerTest {

	public final HttpClientExtension client = new HttpClientExtension();

	public void ensureLinkRenderedSecure() throws Exception {

		// Obtain the page
		HttpResponse response = this.client.execute(new HttpGet("http://localhost:7878"));
		String renderedPage = EntityUtils.toString(response.getEntity());

		// Ensure login form (link) is secure
		assertTrue(renderedPage.contains("form action=\"https://localhost:7979/+login"), "Login form should be secure");



The next tutorial looks at authentication.