Re: ssl and session management
Re: ssl and session management
- Subject: Re: ssl and session management
- From: Chuck Hill <email@hidden>
- Date: Mon, 04 Oct 2004 11:50:36 -0700
At 12:37 PM 04/10/2004 -0600, Wes James wrote:
>I have been looking at webobjects 5 byJoshua Marker. I have finally,
>what appears to be working gotten ssl to work. The only way I can get
>ssl to work is by building the project and then run it from the
>command line with these as part of the line: -WOAutoOpenInBrowser NO
Not relevant.
>-WODirectConnectEnabled NO
DirectConnect and SSL are not compatbile.
>-WOPort Port#.....
Not relevant, only a convenience.
>I can then go to
>https://host/cgi-bin/WebObjects/TimeDisplay.woa/-Port#
>
>Which means it is going through https, but is it really, since it also
>needs the port# to work?
>
No, the port number is for the woadaptor to find the app. host:port# goes
around https, the above does not.
>In the book it uses an example of adding these lines to Session.java:
>
> private boolean isSecure = false;
> private boolean oldIsSecure = false;
>
>public void SetSecure(boolean newSecure) {
> oldIsSecure = isSecure;
> isSecure = newSecure;
> }
>
> public void appendToResponse(WOResponse response, WOContext context) {
> super.appendToResponse(response, context);
>
> String schema = "http://";
> if (isSecure==true) {
> schema="https://";
> }
>
> if (oldIsSecure!=isSecure) {
> System.out.println("SSL - Redirecting to " + schema);
> response.setStatus(302);
> }
>
> response.setHeader(schema + context.request().headerForKey("host") +
>context.componentActionURL(), "Location");
> }
>
>And I added this to Main.java to see if it would work:
>
> public void appendToResponse(WOResponse response, WOContext context) {
>
> ((Session)session).setSecure(true);
> super.appendToResponse(response, context);
> }
>
>But when I build it I get a build error on calling the setSecure
>method in main. That is the error is saying that setSecure can't be
>resolved.
>
>1. If I just want SSL sessions do I need this added code?
>
>2 . Why isn't setSecure seen when it exists in Session.java?
>
Check the spelling and case again.
Chuck
--
Chuck Hill email@hidden
Global Village Consulting Inc. http://www.global-village.net
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden