-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pierre;
Thanks for the quick answer. Indeed these methods do not seem to be in the javadoc for WebObjects 5.4.1
Using it I've made a quick-check and realised that indeed the WOContext does realise properly if it is Secure or not. In other words, if I log the result of aContext.isSecure (be it before or after the super.appendToResponse call) it's properly set : It's set to NO before the redirect, and YES after.
Then I realised that indeed this URL trouble is only present in URLS that are a form's actions. The 'normal' hyperlinks (the one generated by WOHyperlink or WOResourceURL) are properly generated (that is, they are never including scheme and hotsname). Is it that the form need also to be 'informed' that it should specifically ask for secure transport (could not find any such indication in the documentation)?
Thanks again for the initial answer, and I hope you'll be able to help me now that I've made the question more precise.
Serge.
Le 27 mars 08 à 11:54, Mr. Pierre Frisch a écrit :
With WO 5.4.x WOContext has gained a few method to correctly manage the secure transport.
/**
* Return true if the context is in secure mode.
*
* @return true if in secure mode
* @since 5.4
*/
public boolean secureMode()
/**
* Puts the context in secure mode.
*
* @param value
*/
public void setSecureMode(boolean value)
WOContext should also correctly manage the complete URLs. If the secure mode is turned on and the request was not made on secure transport then the URL will be complete.
Cheers
Pierre
--
Pierre Frisch
email@hidden
On Mar 27, 2008, at 2:26, Serge Cohen wrote:
Oups ... just realised that I send this mail to the "wrong" (not totally) mailing list ... It's most likelly not a Wonder issue but rather a WebObjects 5.4 one...
Someone has the same experience than I when using redirection to change from http to https ?
Here is the message I've sent yesterday to the Project Wonder list ...
In the application I'm currently working on, I sometimes have to turn to HTTPS (decision made at runtime) using the following code in Session.appendToResponse :
public void appendToResponse(WOResponse aResponse, WOContext aContext) {
// Shall we ask for HTTPS or HTTP (or leave the transport as it is).
boolean tmpRequestIsSecure = RequestAdditions.isSecure(aContext.request());
super.appendToResponse(aResponse, aContext);
if ((requireSecure && !tmpRequestIsSecure) || (requireNotSecure && tmpRequestIsSecure)) {
// We have to redirect towards the same page, but different schema
String schema = (requireSecure) ? "https" : "http";
String redirectToURL = schema + "://" + RequestAdditions.hostName(aContext.request()) + aContext.componentActionURL();
aResponse.setStatus(302);
aResponse.setHeader(redirectToURL, "Location");
NSLog.debug.appendln("Switching schema to : " + schema + ". Redirecting to the URL '" + redirectToURL + "'.");
}
}
Till now I was developing using WebObjects 5.3.? (+ Wonder), and this was all working nicely. In particular, whatever this redirect would do the URL generated by WebObjects in the html sources would be absolute but would NOT contain the schema and host name (in other words they'd start like '/cgi-bin/WebObjects/Incident.woa/....')
I have just upgraded to Leopard, and hence WebObjects 5.4.1 (+ Wonder).
Now the redirect still works (when enforcing 'https' usage), but upon such a redirection all the URL generated in the page are now 'complete' URL, that is they contain the schema, the hostname and then the rest (eg. 'http://foo.local/cgi-bin/WebObjects/Incident.woa/....'). In particular, when turning to 'https' all the generated URLs are now EXPLICITLY NON secured http ('http'). Still if there is no-redirection the generated URLs are the same as before (like the one generated by WO 5.3, non-complete URL, eg. '/cgi-bin/WebObjects/Incident.woa/....').
I have tried to check the value of aContext.doesGenerateCompleteURLs() (which in all cases is FALSE, which to me means that all generated URL should be absolute path without schema and hostname).
I realise that the former https bug of WebObjects 5.3 is now fixed and it might be normal that my code is not working anymore, but I could not find how I should change my code to conform to the new WO version?
Any help or hint is very welcome !
Serge.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfs7owACgkQlz6UVQtc2uxJIgCgrtzEdZdor+DIXIY15Ve/Fo8w
DcUAn1e8KcB5EStS9QKdikYbCM3pp2bV
=7LPo
-----END PGP SIGNATURE-----