Re: WebObjects 5.4(.1) and https
Re: WebObjects 5.4(.1) and https
- Subject: Re: WebObjects 5.4(.1) and https
- From: Serge Cohen <email@hidden>
- Date: Sat, 29 Mar 2008 10:05:42 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Mike;
I've ust done that (adding the code you mention to
Application.didFinishLaunching), and now the problem is not there
anymore. So indeed it seems that the faulty code is sitting in
ERXWOForm ...
Then I had a look in the Wonder's code for ERXWOForm, and looking at
the different places where 'secure' or '_secure' are used I have the
impression that if the binding is not set than (_secure==null) then
secure is set to false ... rather than context.isSecure()
Would it help for a quick fix if I provide a reduced application
demonstrating the bug ?
Cheers;
Serge.
Le 28 mars 08 à 19:57, Mike Schrag a écrit :
oh good god no ... you can probably
ERXPatcher.setClassForName(WOForm.class, "WOForm");
in your didFinishLaunching ...
On Mar 28, 2008, at 2:27 PM, Serge Cohen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
How would I do that... is the only possibility is to remove all
call to Wonder in my code, and then re-build removing the Wonder's
Framework from the classpath?
Given the number of places where I'm currently using Wonder's
replacement, it would be much easier if I can only make sure that
the WOForm are indeed the WebObjects ones. I though of using full
class names, but tere is a bug in 5.4 that prevent dotted names in
the wod file ...
Obvioulsy if there is no other way, I'll go the 'hard' way,
removing all references to Wonder in my code and rebuilding ...
Thanks for the hint!
Serge.
PS : Indeed looking at the doc. from WOContext I had also find the
context.doesGenerateCompleteURLs() method and I already checked
that indeed it was ALWAYS returning 'NO' (under both http/https and
switching from one to the other) conditions.
Le 28 mars 08 à 18:50, Mike Schrag a écrit :
Wonder does have a replacement WOForm (ERXWOForm), so it's
possible there's some issue there ... You could try taking out
Wonder's temporarily to see if the problem persists. If it does,
let me know as I'm fixing some Wonder/5.4 compatibility issues at
the moment.
ms
On Mar 28, 2008, at 1:44 PM, Mr. Pierre Frisch wrote:
I just checked and WOForm should use the result of
context.secureMode() to determine if it needs to generate secure
URLs. It is also possible to force the behavior by adding a
binding "secure=true;" and the same logic should apply It is in
fact the same code that is called.
The exact behavior is to honor the result
context.doesGenerateCompleteURLs() except if there is a change of
transport mode between the request and the current setting of the
context. To me more precise if the request was insecure but the
context is secure (context.secureMode()) then WO will generate
complete URLs. The same is true in the other direction.
Pierre
--
Pierre Frisch
email@hidden
On Mar 28, 2008, at 6:11, Serge Cohen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pierre;
Thanks for the quick answer. Indeed these methods do not seem to
be in the javadoc for WebObjects 5.4.1
Using it I've made a quick-check and realised that indeed the
WOContext does realise properly if it is Secure or not. In other
words, if I log the result of aContext.isSecure (be it before or
after the super.appendToResponse call) it's properly set : It's
set to NO before the redirect, and YES after.
Then I realised that indeed this URL trouble is only present in
URLS that are a form's actions. The 'normal' hyperlinks (the one
generated by WOHyperlink or WOResourceURL) are properly
generated (that is, they are never including scheme and
hotsname). Is it that the form need also to be 'informed' that
it should specifically ask for secure transport (could not find
any such indication in the documentation)?
Thanks again for the initial answer, and I hope you'll be able
to help me now that I've made the question more precise.
Serge.
Le 27 mars 08 à 11:54, Mr. Pierre Frisch a écrit :
With WO 5.4.x WOContext has gained a few method to correctly
manage the secure transport.
/**
* Return true if the context is in secure mode.
*
* @return true if in secure mode
* @since 5.4
*/
public boolean secureMode()
/**
* Puts the context in secure mode.
*
* @param value
*/
public void setSecureMode(boolean value)
WOContext should also correctly manage the complete URLs. If
the secure mode is turned on and the request was not made on
secure transport then the URL will be complete.
Cheers
Pierre
--
Pierre Frisch
email@hidden
On Mar 27, 2008, at 2:26, Serge Cohen wrote:
Oups ... just realised that I send this mail to the
"wrong" (not totally) mailing list ... It's most likelly not a
Wonder issue but rather a WebObjects 5.4 one...
Someone has the same experience than I when using redirection
to change from http to https ?
Here is the message I've sent yesterday to the Project Wonder
list ...
In the application I'm currently working on, I sometimes have
to turn to HTTPS (decision made at runtime) using the
following code in Session.appendToResponse :
public void appendToResponse(WOResponse aResponse, WOContext
aContext) {
// Shall we ask for HTTPS or HTTP (or leave the transport as
it is).
boolean tmpRequestIsSecure =
RequestAdditions.isSecure(aContext.request());
super.appendToResponse(aResponse, aContext);
if ((requireSecure && !tmpRequestIsSecure) ||
(requireNotSecure && tmpRequestIsSecure)) {
// We have to redirect towards the same page, but different
schema
String schema = (requireSecure) ? "https" : "http";
String redirectToURL = schema + "://" +
RequestAdditions.hostName(aContext.request()) +
aContext.componentActionURL();
aResponse.setStatus(302);
aResponse.setHeader(redirectToURL, "Location");
NSLog.debug.appendln("Switching schema to : " + schema + ".
Redirecting to the URL '" + redirectToURL + "'.");
}
}
Till now I was developing using WebObjects 5.3.? (+ Wonder),
and this was all working nicely. In particular, whatever this
redirect would do the URL generated by WebObjects in the html
sources would be absolute but would NOT contain the schema and
host name (in other words they'd start like '/cgi-bin/
WebObjects/Incident.woa/....')
I have just upgraded to Leopard, and hence WebObjects 5.4.1 (+
Wonder).
Now the redirect still works (when enforcing 'https' usage),
but upon such a redirection all the URL generated in the page
are now 'complete' URL, that is they contain the schema, the
hostname and then the rest (eg. 'http://foo.local/cgi-bin/WebObjects/Incident.woa/....')
. In particular, when turning to 'https' all the generated
URLs are now EXPLICITLY NON secured http ('http'). Still if
there is no-redirection the generated URLs are the same as
before (like the one generated by WO 5.3, non-complete URL,
eg. '/cgi-bin/WebObjects/Incident.woa/....').
I have tried to check the value of
aContext.doesGenerateCompleteURLs() (which in all cases is
FALSE, which to me means that all generated URL should be
absolute path without schema and hostname).
I realise that the former https bug of WebObjects 5.3 is now
fixed and it might be normal that my code is not working
anymore, but I could not find how I should change my code to
conform to the new WO version?
Any help or hint is very welcome !
Serge.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfs7owACgkQlz6UVQtc2uxJIgCgrtzEdZdor+DIXIY15Ve/Fo8w
DcUAn1e8KcB5EStS9QKdikYbCM3pp2bV
=7LPo
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkftOHQACgkQlz6UVQtc2uwaVwCgufHNuqXRKqOPAYaStD4nADYu
dNgAn0eQD1IXFhvaDPogt9jJWdrQalzi
=LIaz
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfuBmYACgkQlz6UVQtc2uzF1ACgok1zVTg4cbEMuNKwPucYRGvk
oE4AnRoJ1xywNosAWiCM7Cfx5wLEc1p8
=BNUx
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden