
Secure Link Tutorial

This tutorial looks at configuring a specific link on a page so that it is only accessed via a secure channel (HTTPS).

The example for this tutorial implements a simple non-secure page that submits login credentials via a secure link. The page is as follows:

SecureLinkHttpServer screen shot.

Tutorial Source

HTML

The page template content is as follows. Please note the link in the form action.

<html>
	<body>

		<form action="#{login}" method="POST">
			Username: <input type="text" name="username" /> <br />
			Password: <input type="password" name="password" />
		</form>

		Other content of non-secure page.
	</body>
</html>

Secure Link

To configure the link (form action) to always be communicated via a secure channel, the following is the configuration:

Secure Link configuration screen shot.

Adding the link and flagging it secure ensures WoOF renders the link URL on the page as a secure (HTTPS) URL. WoOF also prevents non-secure access to the link: a request to the link over a non-secure channel is answered with a redirect to the secure channel.

The configuration of links also works in reverse. Should the template be configured as secure, adding the link and leaving it unchecked indicates a non-secure link. Note that unless configured otherwise, links follow the template's secure setting.

Logic

The logic for the page is the following:

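import java.io.Serializable;

import lombok.Data;
import net.officefloor.server.http.ServerHttpConnection;
import net.officefloor.web.HttpParameters;

public class TemplateLogic {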

	@Data
	@HttpParameters
	public static class LoginParameters implements Serializable {
		private static final long serialVersionUID = 1L;

		private String username;

		private String password;
	}

	public void login(LoginParameters credentials, ServerHttpConnection connection) {

		// Confirm a secure connection (not needed but included for tutorial)
		if (!connection.isSecure()) {
			throw new IllegalStateException();
		}

		// Logic for login
	}

}

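This tutorial shows sending information over a secure channel (HTTPS) from a non-secure page. Note that the secure link protects only the submission. The page carrying the form is still delivered over a non-secure channel, so where the integrity of the form itself matters, configure the template as secure as well.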

Unit Test

The unit test demonstrates the rendering of the secure link.

@ExtendWith(OfficeFloorExtension.class)
public class SecureLinkHttpServerTest {

	@RegisterExtension
	public final HttpClientExtension client = new HttpClientExtension();

	@Test
	public void ensureLinkRenderedSecure() throws Exception {

		// Obtain the page
		HttpResponse response = this.client.execute(new HttpGet("http://localhost:7878"));
		String renderedPage = EntityUtils.toString(response.getEntity());

		// Ensure login form (link) is secure
		assertTrue(renderedPage.contains("form action=\"https://localhost:7979/+login"), "Login form should be secure");
	}

}

Next

The next tutorial looks at authentication.