subject:"SSL on url demand"

Re: SSL on url demand

2016-03-15 Thread h3ph3st0s

Yes, it seems nice. But in deed I don't know how to "glue" it within 
requests/responses and especially ajax.


Also it says about Request.isSecure() method which also seems good, right ?
Should be within a method with @AfterRender, in order to evaluate always 
the calls ?


Thanks and regards,
Dimitris

On 2016-03-10 15:15, Barry Books wrote:

I think you could override the service RequestSecurityManager and make it
do whatever you want.

On Wednesday, March 9, 2016, h3ph3st0s  wrote:


Hi,

I built a small tapestry page under jboss. I read that in order to apply
SSL I had to either put @Secure annotation or configure with
configuration.add(MetaDataConstants.SECURE_PAGE, "true");

Everything is ok with that, but my issue how can I make this to be
reconfigured each time depending the url if it has "http" or "https" and
without restarting application server.

The request is that the application should be accessed with or without
SSL. Jboss is configured ok. But I am stack with this hardcoded "true".

Can I override it ?
Is there any other workaround ?

Just for clarification I wanted something like that ( depending on the url
) :
String jbossDir= System.getProperty("jboss.server.base.dir");
 System.out.println(jbossDir);
 Properties appProp = new Properties();
 try {
 appProp.load(new BufferedInputStream(new
FileInputStream(String.format("%s/app.properties", jbossDir ) )));
 String ssl = appProp.getProperty("SSL");
 if ( ssl !=null ) {
 ssl = ssl.toLowerCase().trim();
 }
*configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
 } catch (FileNotFoundException e) {
 configuration.add(MetaDataConstants.SECURE_PAGE, "true");
 e.printStackTrace();
 } catch (IOException e) {
 configuration.add(MetaDataConstants.SECURE_PAGE, "true");
 e.printStackTrace();
 }*
**
*




-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: SSL on url demand

2016-03-15 Thread Norman Franke

Unless, of course, you offload SSL processing to a load balancer. Tapestry 
doesn’t seem to handle that at all.

Norman Franke
Answering Service for Directors, Inc.
www.myasd.com 



> On Mar 9, 2016, at 9:36 PM, JumpStart  
> wrote:
> 
> The simple answer is - the whole world is being moved to HTTPS very rapidly 
> so just go with it, for EVERY request. See 
> http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https
> 
> To do this, in your AppModule just set 
> 
>   configuration.add(MetaDataConstants.SECURE_PAGE, "true”);
> 
> then in production, staging, UAT, etc. set this system property...
> 
>   -Dtapestry.secure-enabled=true
> 
> and in development you might like to turn it off…
> 
>   -Dtapestry.secure-enabled=false
> 
> Alternatively, if you really must allow some requests to use HTTP, then 
> follow the tips in here:
> 
>   http://tapestry.apache.org/https.html
> 
> HTH,
> 
> Geoff
> 
>> On 9 Mar 2016, at 9:56 PM, h3ph3st0s  wrote:
>> 
>> Hi,
>> 
>> I built a small tapestry page under jboss. I read that in order to apply SSL 
>> I had to either put @Secure annotation or configure with
>> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>> 
>> Everything is ok with that, but my issue how can I make this to be 
>> reconfigured each time depending the url if it has "http" or "https" and 
>> without restarting application server.
>> 
>> The request is that the application should be accessed with or without SSL. 
>> Jboss is configured ok. But I am stack with this hardcoded "true".
>> 
>> Can I override it ?
>> Is there any other workaround ?
>> 
>> Just for clarification I wanted something like that ( depending on the url ) 
>> :
>> String jbossDir= System.getProperty("jboss.server.base.dir");
>>   System.out.println(jbossDir);
>>   Properties appProp = new Properties();
>>   try {
>>   appProp.load(new BufferedInputStream(new 
>> FileInputStream(String.format("%s/app.properties", jbossDir ) )));
>>   String ssl = appProp.getProperty("SSL");
>>   if ( ssl !=null ) {
>>   ssl = ssl.toLowerCase().trim();
>>   }
>> *configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
>>   } catch (FileNotFoundException e) {
>>   configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>>   e.printStackTrace();
>>   } catch (IOException e) {
>>   configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>>   e.printStackTrace();
>>   }*
>> **
>> *
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>

Re: SSL on url demand

2016-03-10 Thread Barry Books

I think you could override the service RequestSecurityManager and make it
do whatever you want.

On Wednesday, March 9, 2016, h3ph3st0s  wrote:

> Hi,
>
> I built a small tapestry page under jboss. I read that in order to apply
> SSL I had to either put @Secure annotation or configure with
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>
> Everything is ok with that, but my issue how can I make this to be
> reconfigured each time depending the url if it has "http" or "https" and
> without restarting application server.
>
> The request is that the application should be accessed with or without
> SSL. Jboss is configured ok. But I am stack with this hardcoded "true".
>
> Can I override it ?
> Is there any other workaround ?
>
> Just for clarification I wanted something like that ( depending on the url
> ) :
> String jbossDir= System.getProperty("jboss.server.base.dir");
> System.out.println(jbossDir);
> Properties appProp = new Properties();
> try {
> appProp.load(new BufferedInputStream(new
> FileInputStream(String.format("%s/app.properties", jbossDir ) )));
> String ssl = appProp.getProperty("SSL");
> if ( ssl !=null ) {
> ssl = ssl.toLowerCase().trim();
> }
> *configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
> } catch (FileNotFoundException e) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> e.printStackTrace();
> } catch (IOException e) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> e.printStackTrace();
> }*
> **
> *
>

Re: SSL on url demand

2016-03-10 Thread Chris Poulsen

I has been a long while since I looked at this, but as far as i can
remember that setting allows the application to work in both http / https
mode depending on the protocol specified by the request (we use T5.4) - so
if the page is requested using https all links that are generated are
respecting that.

-- 
Chris

On Thu, Mar 10, 2016 at 12:34 PM, h3ph3st0s  wrote:

> Chris hi,
> thanks for the answer but this is already tested & it works. But it is
> hard-coded and practically does not allow me to switch on or off the
> overall SSL context per user request.
>
> I have seen other applications that work either http or https
> simultaneously without redeploying new compiled code.
> Is there a way to accomplish this with tapestry ( for java and javascript
> part ) framework version 5.3?
>
> Regards
> Dimitri
>
> On 2016-03-10 12:40, Chris Poulsen wrote:
>
>> I think we're handling it like this:
>>
>> // default to non-secure pages (allows us to support both http and https
>> based on the incoming request)
>> configuration.add( SymbolConstants.SECURE_ENABLED, "false" );
>>
>> HTH.
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

Re: SSL on url demand

2016-03-10 Thread h3ph3st0s


Chris hi,
thanks for the answer but this is already tested & it works. But it is 
hard-coded and practically does not allow me to switch on or off the 
overall SSL context per user request.


I have seen other applications that work either http or https 
simultaneously without redeploying new compiled code.
Is there a way to accomplish this with tapestry ( for java and 
javascript part ) framework version 5.3?


Regards
Dimitri

On 2016-03-10 12:40, Chris Poulsen wrote:

I think we're handling it like this:

// default to non-secure pages (allows us to support both http and https
based on the incoming request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );

HTH.




-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: SSL on url demand

2016-03-10 Thread h3ph3st0s


Hi and thank you for the responses,

Perhaps it was not clear the question.
If I use configuration or "-D" or @Secure then I am stack application 
wide for entire usage.
What I would like to know if there is a way to switch on or off 
depending if the user requested https and port e.g. 8443 OR http and 
port 8080.


But without restart of applicationserver or redeployment.

Thanks,
Dimitri

On 2016-03-10 4:36, JumpStart wrote:

The simple answer is - the whole world is being moved to HTTPS very rapidly so 
just go with it, for EVERY request. See 
http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https

To do this, in your AppModule just set

configuration.add(MetaDataConstants.SECURE_PAGE, "true”);

then in production, staging, UAT, etc. set this system property...

-Dtapestry.secure-enabled=true

and in development you might like to turn it off…

-Dtapestry.secure-enabled=false

Alternatively, if you really must allow some requests to use HTTP, then follow 
the tips in here:

http://tapestry.apache.org/https.html

HTH,

Geoff


On 9 Mar 2016, at 9:56 PM, h3ph3st0s  wrote:

Hi,

I built a small tapestry page under jboss. I read that in order to apply SSL I 
had to either put @Secure annotation or configure with
configuration.add(MetaDataConstants.SECURE_PAGE, "true");

Everything is ok with that, but my issue how can I make this to be reconfigured each time depending 
the url if it has "http" or "https" and without restarting application server.

The request is that the application should be accessed with or without SSL. Jboss is 
configured ok. But I am stack with this hardcoded "true".

Can I override it ?
Is there any other workaround ?

Just for clarification I wanted something like that ( depending on the url ) :
String jbossDir= System.getProperty("jboss.server.base.dir");
System.out.println(jbossDir);
Properties appProp = new Properties();
try {
appProp.load(new BufferedInputStream(new 
FileInputStream(String.format("%s/app.properties", jbossDir ) )));
String ssl = appProp.getProperty("SSL");
if ( ssl !=null ) {
ssl = ssl.toLowerCase().trim();
}
*configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
} catch (FileNotFoundException e) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
e.printStackTrace();
} catch (IOException e) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
e.printStackTrace();
}*
**
*


-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: SSL on url demand

2016-03-10 Thread Chris Poulsen

I think we're handling it like this:

// default to non-secure pages (allows us to support both http and https
based on the incoming request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );

HTH.

-- 
Chris

On Thu, Mar 10, 2016 at 3:36 AM, JumpStart <
geoff.callender.jumpst...@gmail.com> wrote:

> The simple answer is - the whole world is being moved to HTTPS very
> rapidly so just go with it, for EVERY request. See
> http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https
>
> To do this, in your AppModule just set
>
> configuration.add(MetaDataConstants.SECURE_PAGE, "true”);
>
> then in production, staging, UAT, etc. set this system property...
>
> -Dtapestry.secure-enabled=true
>
> and in development you might like to turn it off…
>
> -Dtapestry.secure-enabled=false
>
> Alternatively, if you really must allow some requests to use HTTP, then
> follow the tips in here:
>
> http://tapestry.apache.org/https.html
>
> HTH,
>
> Geoff
>
> > On 9 Mar 2016, at 9:56 PM, h3ph3st0s  wrote:
> >
> > Hi,
> >
> > I built a small tapestry page under jboss. I read that in order to apply
> SSL I had to either put @Secure annotation or configure with
> > configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> >
> > Everything is ok with that, but my issue how can I make this to be
> reconfigured each time depending the url if it has "http" or "https" and
> without restarting application server.
> >
> > The request is that the application should be accessed with or without
> SSL. Jboss is configured ok. But I am stack with this hardcoded "true".
> >
> > Can I override it ?
> > Is there any other workaround ?
> >
> > Just for clarification I wanted something like that ( depending on the
> url ) :
> > String jbossDir= System.getProperty("jboss.server.base.dir");
> >System.out.println(jbossDir);
> >Properties appProp = new Properties();
> >try {
> >appProp.load(new BufferedInputStream(new
> FileInputStream(String.format("%s/app.properties", jbossDir ) )));
> >String ssl = appProp.getProperty("SSL");
> >if ( ssl !=null ) {
> >ssl = ssl.toLowerCase().trim();
> >}
> > *configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
> >} catch (FileNotFoundException e) {
> >configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> >e.printStackTrace();
> >} catch (IOException e) {
> >configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> >e.printStackTrace();
> >}*
> > **
> > *
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

Re: SSL on url demand

2016-03-09 Thread JumpStart

The simple answer is - the whole world is being moved to HTTPS very rapidly so 
just go with it, for EVERY request. See 
http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https

To do this, in your AppModule just set 

configuration.add(MetaDataConstants.SECURE_PAGE, "true”);

then in production, staging, UAT, etc. set this system property...

-Dtapestry.secure-enabled=true

and in development you might like to turn it off…

-Dtapestry.secure-enabled=false

Alternatively, if you really must allow some requests to use HTTP, then follow 
the tips in here:

http://tapestry.apache.org/https.html

HTH,

Geoff

> On 9 Mar 2016, at 9:56 PM, h3ph3st0s  wrote:
> 
> Hi,
> 
> I built a small tapestry page under jboss. I read that in order to apply SSL 
> I had to either put @Secure annotation or configure with
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> 
> Everything is ok with that, but my issue how can I make this to be 
> reconfigured each time depending the url if it has "http" or "https" and 
> without restarting application server.
> 
> The request is that the application should be accessed with or without SSL. 
> Jboss is configured ok. But I am stack with this hardcoded "true".
> 
> Can I override it ?
> Is there any other workaround ?
> 
> Just for clarification I wanted something like that ( depending on the url ) :
> String jbossDir= System.getProperty("jboss.server.base.dir");
>System.out.println(jbossDir);
>Properties appProp = new Properties();
>try {
>appProp.load(new BufferedInputStream(new 
> FileInputStream(String.format("%s/app.properties", jbossDir ) )));
>String ssl = appProp.getProperty("SSL");
>if ( ssl !=null ) {
>ssl = ssl.toLowerCase().trim();
>}
> *configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
>} catch (FileNotFoundException e) {
>configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>e.printStackTrace();
>} catch (IOException e) {
>configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>e.printStackTrace();
>}*
> **
> *


-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

SSL on url demand

2016-03-09 Thread h3ph3st0s


Hi,

I built a small tapestry page under jboss. I read that in order to apply 
SSL I had to either put @Secure annotation or configure with

configuration.add(MetaDataConstants.SECURE_PAGE, "true");

Everything is ok with that, but my issue how can I make this to be 
reconfigured each time depending the url if it has "http" or "https" and 
without restarting application server.


The request is that the application should be accessed with or without 
SSL. Jboss is configured ok. But I am stack with this hardcoded "true".


Can I override it ?
Is there any other workaround ?

Just for clarification I wanted something like that ( depending on the 
url ) :

String jbossDir= System.getProperty("jboss.server.base.dir");
System.out.println(jbossDir);
Properties appProp = new Properties();
try {
appProp.load(new BufferedInputStream(new 
FileInputStream(String.format("%s/app.properties", jbossDir ) )));

String ssl = appProp.getProperty("SSL");
if ( ssl !=null ) {
ssl = ssl.toLowerCase().trim();
}
*configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
} catch (FileNotFoundException e) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
e.printStackTrace();
} catch (IOException e) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
e.printStackTrace();
}*
**
*

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

Re: SSL on url demand

SSL on url demand

9 matches

Site Navigation

Mail list logo

Footer information