You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2008/02/26 21:50:14 UTC
Link rewriting and SSL
Hi Lenya devs,
when rewriting links, we take the SSL setting of the corresponding
policy into account (see OutgoingLinkRewriter.rewrite(url)). I have the
feeling that this is (a) not necessary and (b) even harmful because it
adds a performance overhead.
I think that the link rewriter should only consider the SSL setting of
the current request (request.isSecure()) to select the proxy. This way
unnecessary redirects from http to https can be avoided. The actual
protection of the page (i.e. the redirect to https if necessary) is done
by the SslRedirectAction as soon as a protected page is requested. I
guess the code in OutgoingLinkRewriter was already used before the
SslRedirectAction existed.
Currently we check the policies of all links in a page. I didn't do any
profiling on this issue recently, but I can imagine that this might be
quite expensive.
WDYT? Is it necessary to check the SSL setting of the target when
creating a link?
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org