Re: WebObjects 5.4(.1) and https
Re: WebObjects 5.4(.1) and https
- Subject: Re: WebObjects 5.4(.1) and https
- From: Serge Cohen <email@hidden>
- Date: Fri, 28 Mar 2008 14:11:40 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pierre;
Thanks for the quick answer. Indeed these methods do not seem to be in
the javadoc for WebObjects 5.4.1
Using it I've made a quick-check and realised that indeed the
WOContext does realise properly if it is Secure or not. In other
words, if I log the result of aContext.isSecure (be it before or after
the super.appendToResponse call) it's properly set : It's set to NO
before the redirect, and YES after.
Then I realised that indeed this URL trouble is only present in URLS
that are a form's actions. The 'normal' hyperlinks (the one generated
by WOHyperlink or WOResourceURL) are properly generated (that is, they
are never including scheme and hotsname). Is it that the form need
also to be 'informed' that it should specifically ask for secure
transport (could not find any such indication in the documentation)?
Thanks again for the initial answer, and I hope you'll be able to help
me now that I've made the question more precise.
Serge.
Le 27 mars 08 à 11:54, Mr. Pierre Frisch a écrit :
With WO 5.4.x WOContext has gained a few method to correctly manage
the secure transport.
/**
* Return true if the context is in secure mode.
*
* @return true if in secure mode
* @since 5.4
*/
public boolean secureMode()
/**
* Puts the context in secure mode.
*
* @param value
*/
public void setSecureMode(boolean value)
WOContext should also correctly manage the complete URLs. If the
secure mode is turned on and the request was not made on secure
transport then the URL will be complete.
Cheers
Pierre
--
Pierre Frisch
email@hidden
On Mar 27, 2008, at 2:26, Serge Cohen wrote:
Oups ... just realised that I send this mail to the "wrong" (not
totally) mailing list ... It's most likelly not a Wonder issue but
rather a WebObjects 5.4 one...
Someone has the same experience than I when using redirection to
change from http to https ?
Here is the message I've sent yesterday to the Project Wonder
list ...
In the application I'm currently working on, I sometimes have to
turn to HTTPS (decision made at runtime) using the following code
in Session.appendToResponse :
public void appendToResponse(WOResponse aResponse, WOContext
aContext) {
// Shall we ask for HTTPS or HTTP (or leave the transport as it is).
boolean tmpRequestIsSecure =
RequestAdditions.isSecure(aContext.request());
super.appendToResponse(aResponse, aContext);
if ((requireSecure && !tmpRequestIsSecure) || (requireNotSecure
&& tmpRequestIsSecure)) {
// We have to redirect towards the same page, but different schema
String schema = (requireSecure) ? "https" : "http";
String redirectToURL = schema + "://" +
RequestAdditions.hostName(aContext.request()) +
aContext.componentActionURL();
aResponse.setStatus(302);
aResponse.setHeader(redirectToURL, "Location");
NSLog.debug.appendln("Switching schema to : " + schema + ".
Redirecting to the URL '" + redirectToURL + "'.");
}
}
Till now I was developing using WebObjects 5.3.? (+ Wonder), and
this was all working nicely. In particular, whatever this redirect
would do the URL generated by WebObjects in the html sources would
be absolute but would NOT contain the schema and host name (in
other words they'd start like '/cgi-bin/WebObjects/
Incident.woa/....')
I have just upgraded to Leopard, and hence WebObjects 5.4.1 (+
Wonder).
Now the redirect still works (when enforcing 'https' usage), but
upon such a redirection all the URL generated in the page are now
'complete' URL, that is they contain the schema, the hostname and
then the rest (eg. 'http://foo.local/cgi-bin/WebObjects/Incident.woa/....')
. In particular, when turning to 'https' all the generated URLs are
now EXPLICITLY NON secured http ('http'). Still if there is no-
redirection the generated URLs are the same as before (like the one
generated by WO 5.3, non-complete URL, eg. '/cgi-bin/WebObjects/
Incident.woa/....').
I have tried to check the value of
aContext.doesGenerateCompleteURLs() (which in all cases is FALSE,
which to me means that all generated URL should be absolute path
without schema and hostname).
I realise that the former https bug of WebObjects 5.3 is now fixed
and it might be normal that my code is not working anymore, but I
could not find how I should change my code to conform to the new WO
version?
Any help or hint is very welcome !
Serge.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfs7owACgkQlz6UVQtc2uxJIgCgrtzEdZdor+DIXIY15Ve/Fo8w
DcUAn1e8KcB5EStS9QKdikYbCM3pp2bV
=7LPo
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden