Re: SSL pages and links

Sat, 21 Feb 2009 05:12:00 -0800 

Only a cent: <security-constraint> on web.xml can work only on certain URIs

    <security-constraint>
        <display-name>SSL</display-name>
        <web-resource-collection>
            <web-resource-name>Make sure login path is
secured</web-resource-name>
            <description>We like ssl web services</description>
            <url-pattern>/sec/*</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>Web Services</web-resource-name>
            <description>We like ssl web services</description>
            <url-pattern>/ws/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>

In this application, my LoginPage is mounted under /sec/

Once logged in though, There is no way back from https to http.

Marcelo

On Fri, Feb 20, 2009 at 7:04 PM, novotny <novo...@gridsphere.org> wrote:
>
>
> Hi,
>
> I need to secure some pages as well as providing a login link that uses
> HTTPS. I read thru the document
> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html  but it seems
> there are several approaches and various source code some of which doesn't
> compile. I am using wicket 1.4 with generics support. Can someone please
> share with me there working configuration for setting secure links and
> pages? Also this is such a critical piece of functionality for any
> enterprise site that maybe one of the wicket gurus could cleanup the
> documentation or even provide classes as part of the core wicket code to do
> this kind of thing.
> For the record, I tried the very last approach "Edit (Wicket 1.3.x)
> alternative:", but it seems to ignore my components that are not pages that
> are annotated with @RequireSSL (e.g. I created a SecureBookmarkablePageLink
> that extends BookmarkablePageLink and has the annotation at the top)
>
> Thanks, Jason
> --
> View this message in context: 
> http://www.nabble.com/SSL-pages-and-links-tp22130162p22130162.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Marcelo Morales

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to