You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Angelo Matarazzo <ma...@gmail.com> on 2009/04/01 11:23:15 UTC
Re: Problem with https
Hi Adrian, David,
for my project at the first I wouldn't use certificate or self-certified
certificate.
Before security improvement, I only setted https="false" in url.properties
file and I had no problem about certificates and secure connections. After
security improvement, I thought it would be a good idea to include in a
.properties(ie securityService.properties) file a property like
httpsService="false" (default is "true" ) in order to choose whether use or
not SSL and secure URLs.
In this way ConfigXml.java is
+private String
securityService=UtilProperties.getPropertyValue("securityService.properties",
"httpsService");
+if (securityElement != null) {
+ if ("false".equals(securityService))
+ this.securityHttps = false;
+ else {
+ this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+ }
What do you think about this idea?
Angelo Matarazzo wrote:
>
> Hello, Everyone
> I have seen the new security improvement, but I would like to know if
> there is a global property in order to ignore https="true" for every
> request.
>
> To ignore https in every controller.xml, I have set https=N in
> url.properties
> and I have also modified ConfigXml.java in this way
>
> - if (securityElement != null) {
> - this.securityHttps =
> "true".equals(securityElement.getAttribute("https"));
>
> + if (securityElement != null) {
> + this.securityHttps = false;
>
> So I don't use secure URLs.
> Waht do you think about global property and my solution?
> Any advice would be greatly appreciated.
> Thank you
>
--
View this message in context: http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Problem with https
Posted by David E Jones <da...@hotwaxmedia.com>.
I'm not sure if I understand what you're running into. What would be
most helpful to make progress on this is if you describe the problem
you're having, and then hopefully this proposed solution to the
problem would make more sense. In the problem description please
include steps to reproduce, and a description of the error or other
unexpected behavior you're seeing so that it is possible for someone
else to try to reproduce this, and know whether or not they have
successfully reproduced it.
The problem part is the most important thing, but more details about
your proposed changes would be helpful too. For example, there is no
"ConfigXml.java" file, and in your code change snippets there are no
line numbers.
-David
On Apr 1, 2009, at 3:23 AM, Angelo Matarazzo wrote:
>
> Hi Adrian, David,
> for my project at the first I wouldn't use certificate or self-
> certified
> certificate.
> Before security improvement, I only setted https="false" in
> url.properties
> file and I had no problem about certificates and secure connections.
> After
> security improvement, I thought it would be a good idea to include
> in a
> .properties(ie securityService.properties) file a property like
> httpsService="false" (default is "true" ) in order to choose whether
> use or
> not SSL and secure URLs.
> In this way ConfigXml.java is
>
> +private String
> securityService
> =UtilProperties.getPropertyValue("securityService.properties",
> "httpsService");
>
> +if (securityElement != null) {
> + if ("false".equals(securityService))
> + this.securityHttps = false;
> + else {
> + this.securityHttps =
> "true".equals(securityElement.getAttribute("https"));
> + }
>
>
> What do you think about this idea?
>
>
> Angelo Matarazzo wrote:
>>
>> Hello, Everyone
>> I have seen the new security improvement, but I would like to know if
>> there is a global property in order to ignore https="true" for every
>> request.
>>
>> To ignore https in every controller.xml, I have set https=N in
>> url.properties
>> and I have also modified ConfigXml.java in this way
>>
>> - if (securityElement != null) {
>> - this.securityHttps =
>> "true".equals(securityElement.getAttribute("https"));
>>
>> + if (securityElement != null) {
>> + this.securityHttps = false;
>>
>> So I don't use secure URLs.
>> Waht do you think about global property and my solution?
>> Any advice would be greatly appreciated.
>> Thank you
>>
>
> --
> View this message in context: http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>