Request cycle processor that can switch between http and https protocols based on the {@link RequireHttps} annotation.Once this processor is installed, any page annotated with the {@link RequireHttps} annotationwill be served over https, while any page lacking the annotation will be served over http. The annotation can be placed on a super class or an interface that a page implements. To install this processor:
class MyApplication extends WebApplication { @Override protected IRequestCycleProcessor newRequestCycleProcessor() { return new SecureRequestCycleProcessor(config); } } Notes: According to servlet spec a cookie created on an https request is marked as secure, such cookies are not available for http requests. What this means is that a session started over https will not be propagated to further http calls because JSESSIONID cookie will be marked as secure and not available to http requests. This entails that unless a session is created and bound on http prior to using an https request any wicket pages or session values stored in the https session will not be available to further http requests. If your application requires a http->https->http interactions (such as the case where only a login page and my account pages are secure) you must make sure a session is created and stored in the http request prior to the first http->https redirect.