On 10/11/2009 12:48, Robert Denison wrote:
Just to pick up on the point below.
If the Valve acts before the filter then I would guess my idea can't work
because the login will have already happened before I get chance to redirect to
https. Therefore meaning the login process will have happened unencrypted...
Ah, yes, indeed.
p
R.
On 10 Nov 2009, at 10:42, Pid wrote:
My last stab at this is maybe I could use a scenario of filtering all requests
and essentially do:
if (logged in) {
if (https) goto http
} else {
if (http) goto https
}
And then rely on the security constraint only for requiring login and the Valve
only for forwarding the request to the login page?
This would probably work out OK, (just remember that the Filter will work at a
level above/after the Valve has a chance to act).
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
