Advise on how to hanle url names when using https
Hi there. Using apache + tomcat, is there a better/different way of reffering to resources (jsps/servlets) in an app when https is required other than hardcoding the full url (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's that whant to call those resources? Thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Advise on how to hanle url names when using https
Others will have suggestions... Before you settle on a solution, look here http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html The code they show is old and slightly broken at this point. It took me half a day or so to get it working correctly on my server. BUT, it couldn't be any easier once complete. === Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority - Original Message - From: Alexander Wallace [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 09, 2002 1:45 PM Subject: Advise on how to hanle url names when using https Hi there. Using apache + tomcat, is there a better/different way of reffering to resources (jsps/servlets) in an app when https is required other than hardcoding the full url (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's that whant to call those resources? Thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Advise on how to hanle url names when using https
Once you serve content via SSL, further URLs can be relative. There is no requirement that all SSL-based URLs be hardcoded. If you have myApp/whatever.jsp in your content, and the request originated via SSL, the URL will be converted to https://some.server.com/myApp/whatever.jsp on the fly. Since best practice for SSL is to protect ALL content in the SSL-enabled area and not just the page that asks for a password or credit card number, the scenario above happens by default. The only time you need to hardcode the entire URL is when you want to switch from SSL to non-SSL, or non-SSL to SSL, and that's because the switch is done by the browser, not the server, and the browser needs to know whether to attempt a connection to port 80 or port 443. John -Original Message- From: Alexander Wallace [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 4:46 PM To: Tomcat Users List Subject: Advise on how to hanle url names when using https Hi there. Using apache + tomcat, is there a better/different way of reffering to resources (jsps/servlets) in an app when https is required other than hardcoding the full url (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's that whant to call those resources? Thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Advise on how to hanle url names when using https
Thankyou! Based on that i made a filter that does pretty much the same thing, based on the resource prefix. The only thing I disliked about it is that it takes all the stuff in the request if post was used and puts them in a parameter list. Again, thanks! On Mon, 2002-12-09 at 15:50, Chris Parker wrote: Others will have suggestions... Before you settle on a solution, look here http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html The code they show is old and slightly broken at this point. It took me half a day or so to get it working correctly on my server. BUT, it couldn't be any easier once complete. === Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority - Original Message - From: Alexander Wallace [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 09, 2002 1:45 PM Subject: Advise on how to hanle url names when using https Hi there. Using apache + tomcat, is there a better/different way of reffering to resources (jsps/servlets) in an app when https is required other than hardcoding the full url (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's that whant to call those resources? Thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Advise on how to hanle url names when using https
Cool, thanks! On Mon, 2002-12-09 at 15:52, Turner, John wrote: Once you serve content via SSL, further URLs can be relative. There is no requirement that all SSL-based URLs be hardcoded. If you have myApp/whatever.jsp in your content, and the request originated via SSL, the URL will be converted to https://some.server.com/myApp/whatever.jsp on the fly. Since best practice for SSL is to protect ALL content in the SSL-enabled area and not just the page that asks for a password or credit card number, the scenario above happens by default. The only time you need to hardcode the entire URL is when you want to switch from SSL to non-SSL, or non-SSL to SSL, and that's because the switch is done by the browser, not the server, and the browser needs to know whether to attempt a connection to port 80 or port 443. John -Original Message- From: Alexander Wallace [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 4:46 PM To: Tomcat Users List Subject: Advise on how to hanle url names when using https Hi there. Using apache + tomcat, is there a better/different way of reffering to resources (jsps/servlets) in an app when https is required other than hardcoding the full url (https://my.server.com/myapp/whatever.jsp) in the jsps and servlet's that whant to call those resources? Thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
