[
http://www.stripesframework.org/jira/browse/STS-239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11444#action_11444
]
Iwao AVE! commented on STS-239:
-------------------------------
Christian,
I needed this feature recently and your patch saved me. Many thanks!
A few comments:
- I think you forgot to add RuntimeConfiguration.java to the v5 archive.
- The name of the annotation @Secure might be too common, I renamed it to @Ssl
locally.
- An action bean that handles ajax requests should not change the protocol to
satisfy 'same origin policy'.
I have added a parameter 'RewritePolicy' to the annotation.
There are three possible values for the parameter:
(1) SECURE : Always use https. Default.
(2) UNSECURE : Never use https; i.e. always use http. Same behavior as if the
annotation were not present.
(3) NO_REWRITE : Leave the protocol as it is (just use relative path).
> SSL support for Link, Url and Form Tag
> --------------------------------------
>
> Key: STS-239
> URL: http://www.stripesframework.org/jira/browse/STS-239
> Project: Stripes
> Issue Type: New Feature
> Components: Tag Library
> Affects Versions: Release 1.4, Release 1.5
> Reporter: Christian Schwanke
> Fix For: Release 1.6
>
> Attachments: Stripes-SSL-v3.zip, Stripes-SSL-v4.zip,
> Stripes-SSL-v5.zip, Stripes-SSL.zip, Stripes-SSL.zip
>
>
> As a Struts user that learned about Stripes just a few days ago, I really
> missed something like the SSL-Extension for Struts.
> In essence, it is now possible to mark an ActionBean as secure using a new
> annotation @Secure.
> The Stripes tags used for urls, links and forms will check the security state
> of the destination ActionBean and automatically rewrite the target URL
> accordingly.
> The configuration of the SSL settings (host, port) is done using
> init-parameters on the StripesFilter.
> I have attached a ZIP file containing the modified/added java sources and the
> modified TLD file.
> The sources also contain a second modification: I've also added a new
> attribute to the link and url tag called excludeSpecialParams. If this
> attribute is set to true, Stripes specific parameters (i.e. the source page
> parameter) is omitted from the final URL. However, keep in mind that removing
> those parameters can break your application.
> My modifications are based on the 1.4 Beta 1 sources. A detailed explanation
> on what I have changed is included within the attached ZIP file.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://www.stripesframework.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
