You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by iv...@apache.org on 2010/08/26 23:30:59 UTC
svn commit: r989939 - in
/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https:
HttpsConfig.java HttpsRequestCycleProcessor.java
Author: ivaynberg
Date: Thu Aug 26 21:30:59 2010
New Revision: 989939
URL: http://svn.apache.org/viewvc?rev=989939&view=rev
Log:
Issue: WICKET-2903
Modified:
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsRequestCycleProcessor.java
Modified: wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java?rev=989939&r1=989938&r2=989939&view=diff
==============================================================================
--- wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java (original)
+++ wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java Thu Aug 26 21:30:59 2010
@@ -27,6 +27,12 @@ public class HttpsConfig
private int httpsPort = 443;
/**
+ * A flag which can be used to configure {@link HttpsRequestCycleProcessor} to bind or not the
+ * session before switching to secure (https) mode
+ */
+ private boolean preferStateful = true;
+
+ /**
* Constructor
*/
public HttpsConfig()
@@ -84,4 +90,31 @@ public class HttpsConfig
{
return httpsPort;
}
+
+ /**
+ * @see #setPreferStateful(boolean)
+ * @return preferStateless
+ */
+ public boolean isPreferStateful()
+ {
+ return preferStateful;
+ }
+
+ /**
+ * Sets whether or not a new session is created before redirecting from {@code http} to
+ * {@code https}
+ * <p>
+ * BE VERY CAREFUL WHEN SETTING THIS VALUE TO {@code false}.
+ *
+ * If set to {@code false} it is possible that the session created when in {@code https} pages
+ * will not be accessible to {@code http} pages, and so you may end up with two sessions per
+ * user both potentially containing different login information.
+ * </p>
+ *
+ * @param preferStateful
+ */
+ public void setPreferStateful(boolean preferStateful)
+ {
+ this.preferStateful = preferStateful;
+ }
}
Modified: wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsRequestCycleProcessor.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsRequestCycleProcessor.java?rev=989939&r1=989938&r2=989939&view=diff
==============================================================================
--- wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsRequestCycleProcessor.java (original)
+++ wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsRequestCycleProcessor.java Thu Aug 26 21:30:59 2010
@@ -209,9 +209,12 @@ public class HttpsRequestCycleProcessor
@Override
public IRequestTarget resolve(RequestCycle rc, RequestParameters rp)
{
+ if (portConfig.isPreferStateful())
+ {
// we need to persist the session before a redirect to https so the session lasts across
// both http and https calls.
Session.get().bind();
+ }
IRequestTarget target = super.resolve(rc, rp);
return checkSecure(target);