The best way to test locally is to change IP for the domain. To do that,
modify the hosts file in [windows]/system32/drivers/etc
On 9/17/2012 11:13 AM, Adam Stokar wrote:
Sure. I haven't figured out a good way to test https locally (as it
requires the url to match up with the SSL domain) so hopefully someone
else can chime in there. We also do https testing in our test
environment.
As far as what to do within Stripes, we created an interceptor that
determines if the URL is https or not. The HttpServletRequest provides
methods for that.
We also use Tomcat startup variable (via Tomcat config) to say if the
application will force https at runtime. The benefit of this is so
you can easily turn the behavior on/off by just changing the variable
and restarting the app server.
On Mon, Sep 17, 2012 at 11:01 AM, Brian McSweeney
<brian.mcswee...@gmail.com <mailto:brian.mcswee...@gmail.com>> wrote:
Hi guys,
Thanks for the excellent info. Apache hasn't even come into the
mix yet Tim so I think I'd just like to get it working locally on
tomcat first.
Adam, when you say:
/"You should force all your requests to https to ensure that no
one can change the url from a secure page to a non-secure page."
/
Can you explain on how you actually do this?
thanks again guys,
Brian
On Mon, Sep 17, 2012 at 10:29 AM, Stone, Timothy
<tst...@barclaycardus.com <mailto:tst...@barclaycardus.com>> wrote:
Adam stole my thunder... JIf you're carrying session data
between secure and non-secure sections, you will lose one in
transit for precisely why Adam said.
If you're in a secure area make sure it's always secure. Are
you performing any SSL offloading at Apache? I have found that
offloading SSL at the Apache HTTPD front end to be
significantly easier to manage than in Tomcat/WebLogic/[pick
container]
Tim
*From:*Adam Stokar [mailto:ajsto...@gmail.com
<mailto:ajsto...@gmail.com>]
*Sent:* Monday, September 17, 2012 10:24 AM
*To:* Stripes Users List
*Subject:* Re: [Stripes-users] SSL newbie
Hey Brian,
You should force all your requests to https to ensure that no
one can change the url from a secure page to a non-secure
page. Then you can add a Stripes Interceptor that checks if
the request requires https or not and allow the ones that
don't to pass through. Keep in mind that "switching" between
http and https isn't really possible if you intend to use a
session variable on the server side. Browsers create a new
session id when you switch between the two, even if the rest
of the url is the same.
- Adam
On Mon, Sep 17, 2012 at 10:16 AM, Brian McSweeney
<brian.mcswee...@gmail.com <mailto:brian.mcswee...@gmail.com>>
wrote:
Hi guys,
I have a stripes webapp that I would like to add SSL support
for in a few pages only.
I've come from a struts background where we had ssl-ext as an
extension which simplified this. I've also searched the
archives and come across
http://www.stripesframework.org/jira/browse/STS-239 and some
questioning threads about this topic none of which have been
comprehensively resolved to me.
Can someone point me at a solution/approach to securing a few
pages in stripes and switching between http and https?
cheers,
Brian
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest
in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
<mailto:Stripes-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/stripes-users
Barclaycard
www.barclaycardus.com <http://www.barclaycardus.com>
This email and any files transmitted with it may contain
confidential and/or proprietary information. It is intended
solely for the use of the individual or entity who is the
intended recipient. Unauthorized use of this information is
prohibited. If you have received this in error, please contact
the sender by replying to this message and delete this
material from any system it may be on.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest
in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
<mailto:Stripes-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
<mailto:Stripes-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
