Though not very clean I use a javax.servlet.Filter that locks down parts
of the site by redirecting to/fro http/https.
So if a url coming in points to any of those pages I make sure that it's
request.isSecure, else I get the full url and replace the scheme
(http, https) and port (80, 443), and sendRedirect. After it's been
moved onto the https area, tapestry generates all of the urls consistent
with that, keeping all references within the https area. And once they
try to go to an unsecure part of the site, we redirect them onto the http
url.
Not the best/elegant option: 1) all dependent resources/images are https
when they don't have to be, 2) there are a few redirects that we
probably could do without. But it does work for us quite nicely.
http://www.protrade.com/
Gerald Schöffel wrote:
Hi !
My first project at work I tried to use Tapestry for was canceled because of
deadline constraints and some https-issues I could not solve at that time.
Ok, so I went back to Tapestry in my spare time - I think this framework is
absolutely great. I want to use it for projects at work.
And now (getting around the Login-Page :) ) the time has come to implement secure
connections again :(
And I still have absolutely no idea, how to do this.
The 'scheme' binding used on links doesn't work for me - so there is no built-in
support for https in my point of view. Kent Tong gave me some hints at that
time (building an own LinkRenderer) but I gave up because it got too complicated.
Why does the included scheme binding not work for me ?
Examples:
Tomcat on local machine, port 8080. The link rendered when using https-scheme
looks like:
https://localhost:8080/myApp/my.page :(
Using Apache as a proxy running on port 80, forwarding to localhost on port
8080, the link looks like:
https://mydomain:80/myApp/my.page :(
When using an own LinkRenderer I could solve this problem - but then I have to
use this Renderer on all links on my site - not too comfortable.
So for me, Tapestry doesn't do the job (maybe there is a solution I am not
aware of - so please tell it to me :) ).
Currently my planning is to move all secured pages in /WEB-INF/secure and use
Apache as a proxy to forward this path to https (anyone aware of a source for
downloading Apache binary with included ssl-support for Windows ? :) ).
But I am almost sure, that there is a solution out there.
So it would be great, if anyone could give me some hints (links or keywords)
how to implement https 'the clever way' :)
Many thanks !!
Gerald
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
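A sketch of the kind of javax.servlet.Filter described in the reply at the top of this thread, added here as an example and not the poster's or Tapestry's own code. It leaves the port off the redirect URL when it is the scheme's default, so links like https://mydomain:80/... from the question are not produced. The class name and the init-param names (securePrefixes, httpPort, httpsPort) are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: keeps listed paths on https and everything else on http. */
public class SchemeRedirectFilter implements Filter {
    // Hypothetical init-params: securePrefixes ("/secure/,/login"), httpPort, httpsPort.
    private String[] securePrefixes = new String[0];
    private int httpPort = 80, httpsPort = 443;

    public void init(FilterConfig cfg) {
        String p = cfg.getInitParameter("securePrefixes");
        if (p != null && !p.trim().isEmpty()) securePrefixes = p.trim().split("\\s*,\\s*");
        httpPort = intParam(cfg, "httpPort", 80);
        httpsPort = intParam(cfg, "httpsPort", 443);
    }

    private static int intParam(FilterConfig cfg, String name, int dflt) {
        String v = cfg.getInitParameter(name);
        return v == null ? dflt : Integer.parseInt(v.trim());
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Match on the container-decoded path, not the raw request URI.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        boolean wantSecure = false;
        for (String prefix : securePrefixes) {
            if (path.startsWith(prefix)) { wantSecure = true; break; }
        }
        // Behind a TLS-terminating proxy, isSecure() describes the proxy-to-container hop.
        if (wantSecure == req.isSecure()) {
            chain.doFilter(rq, rs);
            return;
        }
        // Swap scheme and port; omit the port when it is the scheme's default.
        int port = wantSecure ? httpsPort : httpPort;
        StringBuilder url = new StringBuilder(wantSecure ? "https://" : "http://");
        url.append(req.getServerName());   // taken from the Host header
        if (port != (wantSecure ? 443 : 80)) url.append(':').append(port);
        url.append(req.getRequestURI());
        if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
        res.sendRedirect(url.toString());
    }

    public void destroy() { }
}
```

With Tomcat on 8080, setting httpPort to 8080 and httpsPort to the connector's TLS port gives redirects that point at the right listener.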