Re: SSL on url demand

Wed, 09 Mar 2016 18:37:21 -0800 

The simple answer is - the whole world is being moved to HTTPS very rapidly so 
just go with it, for EVERY request. See 
http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https

To do this, in your AppModule just set 

        configuration.add(MetaDataConstants.SECURE_PAGE, "true”);

then in production, staging, UAT, etc. set this system property...

        -Dtapestry.secure-enabled=true

and in development you might like to turn it off…

        -Dtapestry.secure-enabled=false

Alternatively, if you really must allow some requests to use HTTP, then follow 
the tips in here:

        http://tapestry.apache.org/https.html

HTH,

Geoff

> On 9 Mar 2016, at 9:56 PM, h3ph3st0s <[email protected]> wrote:
> 
> Hi,
> 
> I built a small tapestry page under jboss. I read that in order to apply SSL 
> I had to either put @Secure annotation or configure with
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> 
> Everything is ok with that, but my issue how can I make this to be 
> reconfigured each time depending the url if it has "http" or "https" and 
> without restarting application server.
> 
> The request is that the application should be accessed with or without SSL. 
> Jboss is configured ok. But I am stack with this hardcoded "true".
> 
> Can I override it ?
> Is there any other workaround ?
> 
> Just for clarification I wanted something like that ( depending on the url ) :
> String jbossDir= System.getProperty("jboss.server.base.dir");
>        System.out.println(jbossDir);
>        Properties appProp = new Properties();
>        try {
>            appProp.load(new BufferedInputStream(new 
> FileInputStream(String.format("%s/app.properties", jbossDir ) )));
>            String ssl = appProp.getProperty("SSL");
>            if ( ssl !=null ) {
>                ssl = ssl.toLowerCase().trim();
>            }
> *configuration.add(MetaDataConstants.SECURE_PAGE, ssl);*
>        } catch (FileNotFoundException e) {
>            configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>            e.printStackTrace();
>        } catch (IOException e) {
>            configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>            e.printStackTrace();
>        }*
> **
> *


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to