Well, you've always got access to the Request object, which would allow you to detect in a BasePage class whether the incoming request was secure or not. The pageValidate() method of your base page (or the tap3 equivalent, I suppose) could handle redirecting before the page even renders. In the worst case, run two instances of your application, one secure and one not, do manual detection in the your base page class, and with a tiny bit of cookie trickery, you could maintain enough state in the client to recognize the user in either application in a reasonably secure manner. Of course, shopping carts and the like would have to persist in some kind of shared storage, but it certainly isnt unworkable. That said, I'm a Tap4 user, so this isn't, apparently, an issue for me. In my case, I'm building customer facing enterprise apps that pass lots of sensitive data back and forth, so the entire app behind an SSL capable load balancing switch is pretty much the norm.
--sam On 4/5/06, Korbinian Bachl <[EMAIL PROTECTED]> wrote: > Hi Sam, > > sorry, but this is exactly the worst way to implement https - only container > side. The app itself has to be aware if its getting http or https > connections - e.g may i show some secret info ? may i ask for credit card > number? or: im not very secret/ interesting so forget https and get this > http-redirect instead! etc. > > and having the whole app accessible via https leads to another problem: > performance - just imagine you got a spider going on a https page and then > crawles forward all over - or some visitors who think this lovely lock icon > is better... > > -- korbinian > > > > -----Ursprüngliche Nachricht----- > > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im > > Auftrag von Sam Gendler > > Gesendet: Mittwoch, 5. April 2006 01:15 > > An: Tapestry users > > Betreff: Re: https > > > > I don't have an answer offhand, but some google searching on > > using your particular servlet container and/or application > > server with https should be sufficient to get you started. > > The application code itself shouldn't require anything in > > particular in order to support https. > > For something like tomcat, you can just put it behind an > > apache instance, although I believe tomcat can also support > > openssl based sockets via the tomcat native library. That > > should even allow you to use hardware acceleration for ssl. > > > > --sam > > > > > > On 4/4/06, Detlef Schulze <[EMAIL PROTECTED]> wrote: > > > ... should mention that I'm still on T3 ... > > > > > > -----Original Message----- > > > From: Detlef Schulze > > > Sent: 04 April 2006 20:25 > > > To: Tapestry users > > > Subject: https > > > > > > Hi everyone, > > > > > > I have two websites that need to work (partly) with https. > > How can I > > > use https with tapestry? It used to be so simple with WebObjects ;-) > > > > > > > > > Tia, > > > Detlef > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
