Haven't tested this one, but it looks simple and ok to me. public static void adviseRequestSecurityManager(MethodAdviceReceiver receiver, final Request request, final BaseURLSource baseURLSource, Logger log) { try { Method checkForInsecureRequest = receiver.getInterface().getMethod("checkForInsecureRequest", String.class); receiver.adviseMethod(checkForInsecureRequest, new MethodAdvice() {
public void advise(Invocation invocation) { invocation.overrideResult(false); } }); Method getBaseURL = receiver.getInterface().getMethod("getBaseURL", String.class); receiver.adviseMethod(getBaseURL, new MethodAdvice() { public void advise(Invocation invocation) { String url = baseURLSource.getBaseURL(request.isSecure()); invocation.overrideResult(url); } }); } catch (NoSuchMethodException e) { log.error("Error trying to advise T5 https system", e); } } On Sat, May 23, 2009 at 7:02 AM, Inge Solvoll <inge.tapes...@gmail.com>wrote: > This should do the trick :) > > You can probably do the same thing more intuitively by advising the > RequestSecurityManager. I just didn't bother to change my working > implementation. > > public static void contributeAlias(Configuration<AliasContribution> > configuration, @InjectService("Request") Request request, > @InjectService("BaseURLSource") BaseURLSource baseURLSource) { > RequestSecurityManager manager = new MyRequestSecurityManager(request, > baseURLSource); > > configuration.add(AliasContribution.create(RequestSecurityManager.class, > manager)); > } > > public class MyRequestSecurityManager implements RequestSecurityManager { > > private final Request request; > private final BaseURLSource baseURLSource; > > public MyRequestSecurityManager(Request request, BaseURLSource > baseURLSource) { > this.request = request; > this.baseURLSource = baseURLSource; > } > > public boolean checkForInsecureRequest(String pageName) throws > IOException { > return false; > } > > public String getBaseURL(String pageName) { > return baseURLSource.getBaseURL(request.isSecure()); > > } > } > > > On Sat, May 23, 2009 at 5:32 AM, kartweel <r...@exemail.com.au> wrote: > >> >> Hi, >> >> I basically want to switch off tapestry's auto switching between secure >> and >> non-secure and keep it in the same "mode" as the current request instead >> of >> generating full URLs and changing it to http. I need internal access via >> http or https and external access firewalled to allow https only. >> >> I could just override the base Url as in the docs >> (http://tapestry.apache.org/tapestry5.1/guide/secure.html) but what I >> really >> need is just to turn off/modify the feature so once in https, everything >> is >> https. >> >> Anyone got any pointers? >> >> Cheers, >> >> Ryan >> -- >> View this message in context: >> http://www.nabble.com/Staying-in-secure-or-non-secure-mode-rather-than-autoswitching-based-on-%40secure-tp23681100p23681100.html >> Sent from the Tapestry - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> >