” ...>, this will force negotiation of the
>> secure channel before accidently leaking login information
>> This technique was formerly discouraged, but in wide use today. It will also
>> solve the session state issue.
>>
>> Hope this helps,
>> Tim
>>
>&
ctly, rather than having them generated.
Thanks
Chris
>
>
> Hope this helps,
>
> Tim
>
> ** **
>
> *From:* Chris Cheshire [mailto:cheshira...@gmail.com]
> *Sent:* Friday, April 19, 2013 11:35 AM
> *To:* Stripes Users List
> *Subject:* Re: [Stripes-users]
his helps,
> Tim
>
> From: Chris Cheshire [mailto:cheshira...@gmail.com]
> Sent: Friday, April 19, 2013 11:35 AM
> To: Stripes Users List
> Subject: Re: [Stripes-users] switch to https
>
> I use essentially the same thing - the Tuckey URLRewrite servlet filter.
>
this helps,
Tim
From: Chris Cheshire [mailto:cheshira...@gmail.com]
Sent: Friday, April 19, 2013 11:35 AM
To: Stripes Users List
Subject: Re: [Stripes-users] switch to https
I use essentially the same thing - the Tuckey URLRewrite servlet filter.
Unfortunately it breaks form posts which is why I was
I use essentially the same thing - the Tuckey URLRewrite servlet filter.
Unfortunately it breaks form posts which is why I was wondering whether
there is a way to build the url with https.
On Fri, Apr 19, 2013 at 11:28 AM, Adam Stokar wrote:
> I use a stripes interceptor. If any request comes
I use a stripes interceptor. If any request comes in that is supposed to
be secure, it will redirect to the https version.
if(isSecure(request) && url.indexOf("https") != 0) {
url = url.replace("http", "https");
return new RedirectResolution(url,false);
}
On Fri, Apr 19, 2013 at 11:22 AM,
No, I want to know how to switch from http to https without using url
rewriting (apache, tomcat filter) if possible. I'm fine with everything
being https once the switch is made, I just need to know how to make the
switch when building links via stripes:link or stripes:form where possible.
On Fri
I had to deal with this a long time ago. The best solution was to make all
pages use https. When you switch from http to https, a new session id is
created and it complicates everything. Is there a reason you need http?
On Fri, Apr 19, 2013 at 10:13 AM, Chris Cheshire wrote:
> How do I tell a
How do I tell a stripes:link or stripes:form that I want it to switch to
https? Eg. Start at a non-secure page and switch to https on login.
Do I have to use url rewrite rules, or is there something in Stripes I can
use?
Thanks
Chris
--