Re: SSL
Re: SSL
- Subject: Re: SSL
- From: Simon <email@hidden>
- Date: Fri, 20 Aug 2010 11:23:03 +0100
here's how we do it....
@Override
public void appendToResponse(WOResponse response, WOContext context) {
boolean enableSsl = "true".equals(System.getProperty("enableSSL"));
boolean secure = ((ERXRequest) context.request()).isSecure();
boolean pageShouldBeSecure = enableSsl ? CTSecurityPolicy.policy().getSslPages()
.contains(context.page().name()) : false;
if ((secure && !pageShouldBeSecure) || (!secure && pageShouldBeSecure)) {
// Switch the SSL mode.
ERXRedirect pg = (ERXRedirect) pageWithName(ERXRedirect.class.getName());
pg.setComponentToPage();
pg.setSecure(enableSsl ? !secure : false);
pg.appendToResponse(response, context);
} else {
super.appendToResponse(response, context);
}
}
simon
On 19 August 2010 22:31, Jerald Dawson
<email@hidden> wrote:
Hello you WONDERful people (wonder, get it? oh never mind)
I have an old site that I've been maintaining for about 7 years. I have a framework that I wrote years ago, part of which includes a subclass of WOComponent that allows you to indicate whether or not a page should be served up via https (the isSecure method returns true). Anyway, I've added a bunch of functionality to the site, thanks to project wonder, but I'm having issues with session management. I've traced it back to the funkiness that I do with the request/response in my WOComponent subclass. Since alot of what my framework does, wonder already provides, I want to just get ride of my old framework. The only thing I'm not sure about is does wonder provide any easy(er?) way to indicate whether a page should be served up securely. Is the only way to do it really to use a WORedirect or am I missing something? I'll really miss just returning true from isSecure().
Thanks in advance.
Jerald Dawson _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (
email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
References: | |
| >SSL (From: Jerald Dawson <email@hidden>) |