Like many websites, I have a login popup on every webpage of my site. Most of these pages are http (non-secure). But the login mechanism has to post to a secure url. All this works great. The problem is the secure url changes in the various dev environments, staging and different production environments.
So not too big of a deal, I just have a properties file for each environment with the secure host and port. Now is there a way to encode the url with the right context and jsession id (if needed) and other things c:url normally does?
for example:
<form method="post" action="${rootHttpsUrl}/login">
I might think this would work to modify the url to add the right context, session info if needed, etc:
<form method="post" action="<c:url value='${rootHttpsUrl}/login'/>">
But that doesn't work because c:url sees https://some-url.com and thinks it's an external link. So I could just modify the url myself:
<form method="post"
action="<%=response.encodeURL(${rootHttpsUrl}${pageContext.request.contextPath}/login)%>">
But escaping to java code like that doesn't let java see the rootHttpsUrl jsp variable (how do I expose this to java?). Is there a way to call encodeURL from within JSP?
So what's the best solution here? I'm using Spring, Spring webmvc and Spring Security v3.0. Ideally there's something like
<c:url value='/login' secure='true'/>
UPDATE: The best I've come up with is to have a properties file for each environment with a property for the https host and port. Then I add that to the model and reference any secure URL like this:
https://${httpsHostAndPort}<c:url value='/login'/>