Re: WOHyperlink secure binding and insecure domain
Re: WOHyperlink secure binding and insecure domain
- Subject: Re: WOHyperlink secure binding and insecure domain
- From: Denis Frolov <email@hidden>
- Date: Fri, 22 Apr 2005 16:46:19 +0400
on 4/22/05 12:18 AM, Chuck Hill at email@hidden wrote:
> On Apr 20, 2005, at 11:49 PM, Denis Frolov wrote:
>
>> Thanks for you ideas,
>>
>> on 4/21/05 12:58 AM, Chuck Hill at email@hidden wrote:
>>
>>> This is not a standard arrangement so you are going to have to do some
>>> work. A couple of ideas:
>>>
>>> 1. If you are using Apache, use mod rewrite to change
>>> http://secure.foo.bar to https://secure.foo.bar and
>>> https://www.foo.bar
>>> to http://www.foo.bar
>>
>> I think I don't follow you here. WOHyperlink should move me from one
>> domain
>> to another (i.e. from www.foo.bar to secure.foo.bar). So, I would
>> assume,
>> that rewrite should do the following redirects:
>>
>> https://www.foo.bar to htts://secure.foo.bar and http://secure.foo.bar
>> to
>> http://www.foo.bar
>>
>> because "secure" binding would merely change the https to https and
>> rewrite
>> will do the redirect to another domain. Or am I missing something?
>>
> That is what I meant.
I've tried this approach but in case of mod_rewrite redirects we get a
self-signed certificate security warning from browser before being
redirected to the domain with signed certificate. While this is not good,
I've reused this idea and implemented the similar substitutions in
dispatchRequest of Application to swap urls in content and headers (in case
of redirects) for my two-domains setup. Everything seems to be working ok
now.
>> Anyway, the problem I get here is that WOHyperlink is using the ip
>> adress of
>> my dev computer instead of the one found in request url if used with
>> "secure" binding (i.e. it changes http://www.foo.bar to
>> https://192.168.0.x), which makes testing and development impossible.
>>
> Is the WOHost property set correctly? IIRC, there were some bugs in
> URL generation. I usually make my own.
I cannot use the WOHost, because my machine is behind NAT. It gets the
requests for a domain of NAT machine and the domain used in these requests
is of NAT machine (request arrives to my machine via mod_rewrite rules of
Apache on NAT machine). My local machine has private IP. While this may
sound like a strange or unusual setup, but I couldn't find another solution
to allow other users working with my dev machine from public network (which
is required to quickly fix bugs and change code in real-time)
>> I have a setup with a NAT computer with public IP having both secure
>> and www
>> domains and a rewrite that passes all the requests to these domains to
>> my
>> local dev machine in private network behind the NAT.
>>
>>> 2. Use the href binding and generate your own URLs. It is not hard.
>>
>> Can you give me an example of such generation? I've searched the lists
>> and
>> found this post:
>>
>> http://wodeveloper.com/omniLists/webobjects-dev/2001/July/msg01327.html
>>
> It is not very hard.
> 1. Choose http:// or https://
> 2. Get the host name from the request
> 3. Add the adaptor fragment, e.g. /cgi-bin/WebObjects
> 4. Add context().componentActionURL()
Using the domains substitution in dispatchRequest I've also managed to
change my local private ip to the domains used on NAT server. So, now there
is no need for manual urls generation for both Direct Actions and Component
Actions. I'm not sure, that such substitution of content in dispatchRequest
takes much time, but everything seems to be working ok now. I've also
overriden _appendCookieToResponse in Session to set the cookie for the
second level domain.
>> While this should work, it doesn't really look like an elegant
>> solution.
>> Probably, there is a more straightforward way?
>>
> Yes, use the same domain for secure and insecure requests. I don't see
> the need to have two domains for this.
You are right, two domains are not really needed... But the certificate for
secure.foo.bar is already purchased;(
> Again, I'd much prefer to have a single domain. You can set the cookie
> to the second level domain, but you are going to have to manage these
> yourself.
Is my understanding correct, that the management is covered by overriding of
_appendCookieToResponse? Or are there any other potential issues that I'm
not aware about?
Regards,
Denis.
>
> Chuck
>
>
>>>
>>> Chuck
>>>
>>> On Apr 20, 2005, at 4:01 AM, Denis Frolov wrote:
>>>
>>>> I am using two domains for secure and insecure sections on site. E.g.
>>>> I have
>>>> secure.foo.bar for secure pages and www.foo.bar for insecure pages.
>>>> What
>>>> would be the easiest solution to invoke a component action on the
>>>> secure
>>>> page leading to an insecure page. Using "secure" binding is not
>>>> enough
>>>> because the domain name remains unchanged. Is there any way to
>>>> change a
>>>> domain name along with the "http" string in the component action url
>>>> using
>>>> WOHyperlink? If not, what would be a recommended solution?
>>>>
>>>> Thanks in advance.
>>>>
>>>> ---
>>>> Denis Frolov
>>>> Media-agency DesignMaximum
>>>>
>>>> Tel: +7 863 2648211
>>>> Fax: +7 863 2645229
>>>> Web: http://www.demax.ru
>>>> Web: http://www.mactime.ru
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Webobjects-dev mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>> village.net
>>>>
>>>> This email sent to email@hidden
>>>>
>>
>> ---
>> Denis Frolov
>> Media-agency DesignMaximum
>>
>> Tel: +7 863 2648211
>> Fax: +7 863 2645229
>> Web: http://www.demax.ru
>> Web: http://www.mactime.ru
>>
>>
>>
>>
---
Denis Frolov
Media-agency DesignMaximum
Tel: +7 863 2648211
Fax: +7 863 2645229
Web: http://www.demax.ru
Web: http://www.mactime.ru
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden