Haven't tested this one, but it looks simple and ok to me.
public static void adviseRequestSecurityManager(MethodAdviceReceiver
receiver, final Request request, final BaseURLSource baseURLSource, Logger
log) {
try {
Method checkForInsecureRequest =
receiver.getInterface().getMethod("checkForInsecureRequest", String.class);
receiver.adviseMethod(checkForInsecureRequest, new MethodAdvice() {
public void advise(Invocation invocation) {
invocation.overrideResult(false);
}
});
Method getBaseURL = receiver.getInterface().getMethod("getBaseURL",
String.class);
receiver.adviseMethod(getBaseURL, new MethodAdvice() {
public void advise(Invocation invocation) {
String url = baseURLSource.getBaseURL(request.isSecure());
invocation.overrideResult(url);
}
});
}
catch (NoSuchMethodException e) {
log.error("Error trying to advise T5 https system", e);
}
}
On Sat, May 23, 2009 at 7:02 AM, Inge Solvoll <inge.tapes...@gmail.com>wrote:
> This should do the trick :)
>
> You can probably do the same thing more intuitively by advising the
> RequestSecurityManager. I just didn't bother to change my working
> implementation.
>
> public static void contributeAlias(Configuration<AliasContribution>
> configuration, @InjectService("Request") Request request,
> @InjectService("BaseURLSource") BaseURLSource baseURLSource) {
> RequestSecurityManager manager = new MyRequestSecurityManager(request,
> baseURLSource);
>
> configuration.add(AliasContribution.create(RequestSecurityManager.class,
> manager));
> }
>
> public class MyRequestSecurityManager implements RequestSecurityManager {
>
> private final Request request;
> private final BaseURLSource baseURLSource;
>
> public MyRequestSecurityManager(Request request, BaseURLSource
> baseURLSource) {
> this.request = request;
> this.baseURLSource = baseURLSource;
> }
>
> public boolean checkForInsecureRequest(String pageName) throws
> IOException {
> return false;
> }
>
> public String getBaseURL(String pageName) {
> return baseURLSource.getBaseURL(request.isSecure());
>
> }
> }
>
>
> On Sat, May 23, 2009 at 5:32 AM, kartweel <r...@exemail.com.au> wrote:
>
>>
>> Hi,
>>
>> I basically want to switch off tapestry's auto switching between secure
>> and
>> non-secure and keep it in the same "mode" as the current request instead
>> of
>> generating full URLs and changing it to http. I need internal access via
>> http or https and external access firewalled to allow https only.
>>
>> I could just override the base Url as in the docs
>> (http://tapestry.apache.org/tapestry5.1/guide/secure.html) but what I
>> really
>> need is just to turn off/modify the feature so once in https, everything
>> is
>> https.
>>
>> Anyone got any pointers?
>>
>> Cheers,
>>
>> Ryan
>> --
>> View this message in context:
>> http://www.nabble.com/Staying-in-secure-or-non-secure-mode-rather-than-autoswitching-based-on-%40secure-tp23681100p23681100.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>>
>
