I have been able to test SSL all right at home, by creating a CA and
creating certificates signed by it. Took me a whole day, but I finally
understood how to do those things.

Then, you just have to add that cert to your trusted ones.

Javier Domingo
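
The local-CA approach described in the message above, as an added example that is not part of the original e-mail. It uses the standard `openssl` command line; the file names, the "Local Test CA" subject and the 30-day lifetime are assumptions made for illustration. The subjectAltName entry is what lets the URL match the certificate when testing on a local host name.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate for local HTTPS testing.
# File names, subject names and lifetimes are constructed for illustration.

# make_test_pki DIR HOST: writes ca.crt/ca.key and server.crt/server.key to DIR.
make_test_pki() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    # Request config: marks the self-signed certificate as a CA.
    cat > "$dir/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Local Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Server extensions: subjectAltName must carry the host name used in the URL.
    cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. Self-signed CA (ca.crt is the file to add to the trusted certificates).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        2>/dev/null || return 1
    # 2. Server key and signing request (-subj overrides the CA name in ca.cnf).
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1
    # 3. The CA signs the request and adds the server extensions.
    openssl x509 -req -sha256 -days 30 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# cert_ok DIR HOST: succeeds only if server.crt chains to ca.crt and matches HOST.
cert_ok() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}
```

Keep `ca.key` out of version control and shared machines: anyone holding it can issue certificates that every client trusting `ca.crt` will accept.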


2012/9/17 Adam Stokar <ajsto...@gmail.com>

> Sure.  I haven't figured out a good way to test https locally (as it
> requires the url to match up with the SSL domain) so hopefully someone else
> can chime in there.  We also do https testing in our test environment.
>
> As far as what to do within Stripes, we created an interceptor that
> determines if the URL is https or not. The HttpServletRequest provides
> methods for that.
>
> We also use a Tomcat startup variable (via Tomcat config) to say if the
> application will force https at runtime.  The benefit of this is so you can
> easily turn the behavior on/off by just changing the variable and
> restarting the app server.
>
>
>
> On Mon, Sep 17, 2012 at 11:01 AM, Brian McSweeney <
> brian.mcswee...@gmail.com> wrote:
>
>> Hi guys,
>>
>> Thanks for the excellent info. Apache hasn't even come into the mix yet
>> Tim so I think I'd just like to get it working locally on tomcat first.
>>
>> Adam, when you say:
>>
>> *"You should force all your requests to https to ensure that no one can
>> change the url from a secure page to a non-secure page."*
>>
>> Can you explain how you actually do this?
>>
>> thanks again guys,
>> Brian
>>
>>
>>
>> On Mon, Sep 17, 2012 at 10:29 AM, Stone, Timothy <
>> tst...@barclaycardus.com> wrote:
>>
>>> Adam stole my thunder… :) If you’re carrying session data between
>>> secure and non-secure sections, you will lose one in transit for precisely
>>> why Adam said.
>>>
>>> If you’re in a secure area make sure it’s always secure. Are you
>>> performing any SSL offloading at Apache? I have found offloading SSL
>>> at the Apache HTTPD front end to be significantly easier to manage than in
>>> Tomcat/WebLogic/[pick container].
>>>
>>> Tim
>>>
>>> *From:* Adam Stokar [mailto:ajsto...@gmail.com]
>>> *Sent:* Monday, September 17, 2012 10:24 AM
>>> *To:* Stripes Users List
>>> *Subject:* Re: [Stripes-users] SSL newbie
>>>
>>> Hey Brian,
>>>
>>> You should force all your requests to https to ensure that no one can
>>> change the url from a secure page to a non-secure page.  Then you can add
>>> a Stripes Interceptor that checks if the request requires https or not and
>>> allow the ones that don't to pass through.  Keep in mind that "switching"
>>> between http and https isn't really possible if you intend to use a session
>>> variable on the server side.  Browsers create a new session id when you
>>> switch between the two, even if the rest of the url is the same.
>>>
>>> - Adam
>>>
>>> On Mon, Sep 17, 2012 at 10:16 AM, Brian McSweeney <
>>> brian.mcswee...@gmail.com> wrote:
>>>
>>> Hi guys,
>>>
>>> I have a stripes webapp that I would like to add SSL support for in a
>>> few pages only.
>>>
>>> I've come from a struts background where we had ssl-ext as an extension
>>> which simplified this. I've also searched the archives and come across
>>> http://www.stripesframework.org/jira/browse/STS-239 and some
>>> questioning threads about this topic none of which have been
>>> comprehensively resolved to me.
>>>
>>> Can someone point me at a solution/approach to securing a few pages in
>>> stripes and switching between http and https?
>>>
>>> cheers,
>>> Brian
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Stripes-users mailing list
>>> Stripes-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/stripes-users