You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Angelo Matarazzo <ma...@gmail.com> on 2009/04/01 11:23:15 UTC

Re: Problem with https

Hi Adrian, David,
for my project  at the first I wouldn't use certificate or  self-certified
certificate.
Before security improvement, I only setted https="false" in url.properties
file and I had no problem about certificates and secure connections. After
security improvement, I thought it would be a good idea to include in a
.properties(ie securityService.properties) file a property like
httpsService="false" (default is "true" ) in order to choose whether use or
not SSL and secure URLs. 
In this way ConfigXml.java is

+private String
securityService=UtilProperties.getPropertyValue("securityService.properties",
"httpsService");

+if (securityElement != null) {
+	if ("false".equals(securityService))
+              this.securityHttps = false; 
+	else {
+	       this.securityHttps =
"true".equals(securityElement.getAttribute("https")); 
+	}

What do you think about this idea?

Angelo Matarazzo wrote:
> 
> Hello, Everyone
> I have seen the new security improvement, but I would like to know if
> there is a global property in order to ignore https="true" for every
> request.
> 
> To ignore https in every controller.xml, I have set https=N in
> url.properties
> and I have also modified ConfigXml.java in this way
> 
> -  if (securityElement != null) {
> -               this.securityHttps =
> "true".equals(securityElement.getAttribute("https"));
> 
> + if (securityElement != null) {
> +              this.securityHttps = false;
> 
> So I don't use secure URLs.
> Waht do you think about global property and my solution?
> Any advice would be greatly appreciated.  
> Thank you
> 

-- 
View this message in context: http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: Problem with https

Posted by David E Jones <da...@hotwaxmedia.com>.

I'm not sure if I understand what you're running into. What would be  
most helpful to make progress on this is if you describe the problem  
you're having, and then hopefully this proposed solution to the  
problem would make more sense. In the problem description please  
include steps to reproduce, and a description of the error or other  
unexpected behavior you're seeing so that it is possible for someone  
else to try to reproduce this, and know whether or not they have  
successfully reproduced it.

The problem part is the most important thing, but more details about  
your proposed changes would be helpful too. For example, there is no  
"ConfigXml.java" file, and in your code change snippets there are no  
line numbers.

-David


On Apr 1, 2009, at 3:23 AM, Angelo Matarazzo wrote:

>
> Hi Adrian, David,
> for my project  at the first I wouldn't use certificate or  self- 
> certified
> certificate.
> Before security improvement, I only setted https="false" in  
> url.properties
> file and I had no problem about certificates and secure connections.  
> After
> security improvement, I thought it would be a good idea to include  
> in a
> .properties(ie securityService.properties) file a property like
> httpsService="false" (default is "true" ) in order to choose whether  
> use or
> not SSL and secure URLs.
> In this way ConfigXml.java is
>
> +private String
> securityService 
> =UtilProperties.getPropertyValue("securityService.properties",
> "httpsService");
>
> +if (securityElement != null) {
> +	if ("false".equals(securityService))
> +              this.securityHttps = false;
> +	else {
> +	       this.securityHttps =
> "true".equals(securityElement.getAttribute("https"));
> +	}
>
>
> What do you think about this idea?
>
>
> Angelo Matarazzo wrote:
>>
>> Hello, Everyone
>> I have seen the new security improvement, but I would like to know if
>> there is a global property in order to ignore https="true" for every
>> request.
>>
>> To ignore https in every controller.xml, I have set https=N in
>> url.properties
>> and I have also modified ConfigXml.java in this way
>>
>> -  if (securityElement != null) {
>> -               this.securityHttps =
>> "true".equals(securityElement.getAttribute("https"));
>>
>> + if (securityElement != null) {
>> +              this.securityHttps = false;
>>
>> So I don't use secure URLs.
>> Waht do you think about global property and my solution?
>> Any advice would be greatly appreciated.
>> Thank you
>>
>
> -- 
> View this message in context: http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>