You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Todd O'Bryan <to...@mac.com> on 2004/10/05 12:49:34 UTC
HTTPS
How do I specify that I'd like a page to be encrypted?
I found a message on the mailing list archive that said to use the
scheme attribute, but it didn't say which element where to attach it
to. Google searches for Tapestry scheme were fruitless as was looking
in the index of Tapestry in Action for HTTPS, secure, and scheme.
(The last paragraph is included only to show that I expended some
effort before bothering the list with this. It feels like a FAQ, so I'm
surprised I can't find anything.)
Todd
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: HTTPS
Posted by Cyril Godefroy <cy...@ecomposite.fr>.
You ask your http server to handle this. It is not a Tapestry stuff.
The only thing regarding Tapestry is the generation of absolute url
with the https scheme instead of the http scheme, but that has to do
with the servlet specification.
Check
http://java.sun.com/products/servlet/2.1/api/
javax.servlet.ServletRequest.html
and
whatever:///Tapestry-3.0/web/doc/api/org/apache/tapestry/request/
RequestContext.html
Which is the tapestry wrapper around most things servlet.
eCOMPOSITE
J2EE & Multimedia
cyril@ecomposite.fr
Tel 06 63 16 45 41
Le Oct 5, 2004, à 12:49 PM, Todd O'Bryan a écrit :
> How do I specify that I'd like a page to be encrypted?
>
> I found a message on the mailing list archive that said to use the
> scheme attribute, but it didn't say which element where to attach it
> to. Google searches for Tapestry scheme were fruitless as was looking
> in the index of Tapestry in Action for HTTPS, secure, and scheme.
>
> (The last paragraph is included only to show that I expended some
> effort before bothering the list with this. It feels like a FAQ, so
> I'm surprised I can't find anything.)
>
> Todd
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
Re: HTTPS
Posted by Todd O'Bryan <to...@mac.com>.
Thanks for the update. I haven't had a chance to use it yet, but
hopefully will be soon.
Todd
On Oct 10, 2004, at 1:38 PM, F Da Costa wrote:
> Just cleaned the code up a bit. And, it can undoubtfully be improved
> upon.
> Did not have time to test it properly yet.
>
> F Da Costa wrote:
>> Hi Todd,
>> Not sure what has happened in my code (and whether you have noticed
>> it as well) but something seems to have gone funky on the attached
>> class.
>> It is required by the SecurePageLink component and it found it did
>> not render properly.
>> SecurePageLink will put the linked-to page in ssl mode. However if
>> the page (to be linked to) *always has to be* secure you want to
>> inherit it from th SecurePage class, which take care of checking the
>> secure status. If it is not it will redirect to the Home page.
>> Just thought i'd mention it.
>> Cheers,
>> Fermin DCG
>> Todd O'Bryan wrote:
>>> Thank you, Fermin. Finally, I was able to download your classes that
>>> implement secure versions of forms, links, and pages.
>>>
>>> Shouldn't this be something in the core of Tapestry. Isn't deciding
>>> which pages/parts of pages need to be served securely exactly the
>>> kind of thing that a webapp developer should do? And since I don't
>>> have to deal with my server.xml or web.xml files because I'm using
>>> the Tapestry alternates, does it make sense for me to have to look
>>> in there to figure out how to tell my servlet container to serve
>>> pages, especially when I haven't the foggiest idea how Tapestry is
>>> going to make the URLs look anyway?
>>>
>>> Fermin seems to have the right idea. If you need a Page to be
>>> secure, have it inherit from a SecurePage class. If you want a form
>>> to be secure, have it inherit from SecureForm. Now maybe you can't
>>> guarantee that your webapp will be deployed correctly so that these
>>> are really secure, but you could have them print nasty warning
>>> messages if they weren't secure (something like, "This page is not
>>> secure. Anything you see could be intercepted easily by a third
>>> party.") which would encourage the people on the deploying end to
>>> get things right.
>>>
>>> Todd
>>>
>>> On Oct 5, 2004, at 5:50 PM, F Da Costa wrote:
>>>
>>>> Todd O'Bryan wrote:
>>>>
>>>>> How do I specify that I'd like a page to be encrypted?
>>>>> I found a message on the mailing list archive that said to use the
>>>>> scheme attribute, but it didn't say which element where to attach
>>>>> it to. Google searches for Tapestry scheme were fruitless as was
>>>>> looking in the index of Tapestry in Action for HTTPS, secure, and
>>>>> scheme.
>>>>
>>>>
>>>> I'm not sure how you searched but in the "How to use PageLink to
>>>> get to a secure HTTPS page?" thread you might find something
>>>> usefull.
>>>>
>>>> Fermin DCG
>>>>
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail:
>>>> tapestry-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail:
>>> tapestry-user-help@jakarta.apache.org
>>>
>>>
>> ----------------------------------------------------------------------
>> --
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
> <secureComponents.zip>-------------------------------------------------
> --------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: HTTPS
Posted by F Da Costa <da...@xs4all.nl>.
Just cleaned the code up a bit. And, it can undoubtfully be improved upon.
Did not have time to test it properly yet.
F Da Costa wrote:
> Hi Todd,
>
> Not sure what has happened in my code (and whether you have noticed it
> as well) but something seems to have gone funky on the attached class.
>
> It is required by the SecurePageLink component and it found it did not
> render properly.
> SecurePageLink will put the linked-to page in ssl mode. However if the
> page (to be linked to) *always has to be* secure you want to inherit it
> from th SecurePage class, which take care of checking the secure status.
> If it is not it will redirect to the Home page.
>
> Just thought i'd mention it.
>
> Cheers,
> Fermin DCG
>
> Todd O'Bryan wrote:
>
>> Thank you, Fermin. Finally, I was able to download your classes that
>> implement secure versions of forms, links, and pages.
>>
>> Shouldn't this be something in the core of Tapestry. Isn't deciding
>> which pages/parts of pages need to be served securely exactly the kind
>> of thing that a webapp developer should do? And since I don't have to
>> deal with my server.xml or web.xml files because I'm using the
>> Tapestry alternates, does it make sense for me to have to look in
>> there to figure out how to tell my servlet container to serve pages,
>> especially when I haven't the foggiest idea how Tapestry is going to
>> make the URLs look anyway?
>>
>> Fermin seems to have the right idea. If you need a Page to be secure,
>> have it inherit from a SecurePage class. If you want a form to be
>> secure, have it inherit from SecureForm. Now maybe you can't guarantee
>> that your webapp will be deployed correctly so that these are really
>> secure, but you could have them print nasty warning messages if they
>> weren't secure (something like, "This page is not secure. Anything you
>> see could be intercepted easily by a third party.") which would
>> encourage the people on the deploying end to get things right.
>>
>> Todd
>>
>> On Oct 5, 2004, at 5:50 PM, F Da Costa wrote:
>>
>>> Todd O'Bryan wrote:
>>>
>>>> How do I specify that I'd like a page to be encrypted?
>>>> I found a message on the mailing list archive that said to use the
>>>> scheme attribute, but it didn't say which element where to attach it
>>>> to. Google searches for Tapestry scheme were fruitless as was
>>>> looking in the index of Tapestry in Action for HTTPS, secure, and
>>>> scheme.
>>>
>>>
>>> I'm not sure how you searched but in the "How to use PageLink to get
>>> to a secure HTTPS page?" thread you might find something usefull.
>>>
>>> Fermin DCG
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: HTTPS
Posted by F Da Costa <da...@xs4all.nl>.
Hi Todd,
Not sure what has happened in my code (and whether you have noticed it
as well) but something seems to have gone funky on the attached class.
It is required by the SecurePageLink component and it found it did not
render properly.
SecurePageLink will put the linked-to page in ssl mode. However if the
page (to be linked to) *always has to be* secure you want to inherit it
from th SecurePage class, which take care of checking the secure status.
If it is not it will redirect to the Home page.
Just thought i'd mention it.
Cheers,
Fermin DCG
Todd O'Bryan wrote:
> Thank you, Fermin. Finally, I was able to download your classes that
> implement secure versions of forms, links, and pages.
>
> Shouldn't this be something in the core of Tapestry. Isn't deciding
> which pages/parts of pages need to be served securely exactly the kind
> of thing that a webapp developer should do? And since I don't have to
> deal with my server.xml or web.xml files because I'm using the Tapestry
> alternates, does it make sense for me to have to look in there to figure
> out how to tell my servlet container to serve pages, especially when I
> haven't the foggiest idea how Tapestry is going to make the URLs look
> anyway?
>
> Fermin seems to have the right idea. If you need a Page to be secure,
> have it inherit from a SecurePage class. If you want a form to be
> secure, have it inherit from SecureForm. Now maybe you can't guarantee
> that your webapp will be deployed correctly so that these are really
> secure, but you could have them print nasty warning messages if they
> weren't secure (something like, "This page is not secure. Anything you
> see could be intercepted easily by a third party.") which would
> encourage the people on the deploying end to get things right.
>
> Todd
>
> On Oct 5, 2004, at 5:50 PM, F Da Costa wrote:
>
>> Todd O'Bryan wrote:
>>
>>> How do I specify that I'd like a page to be encrypted?
>>> I found a message on the mailing list archive that said to use the
>>> scheme attribute, but it didn't say which element where to attach it
>>> to. Google searches for Tapestry scheme were fruitless as was looking
>>> in the index of Tapestry in Action for HTTPS, secure, and scheme.
>>
>> I'm not sure how you searched but in the "How to use PageLink to get
>> to a secure HTTPS page?" thread you might find something usefull.
>>
>> Fermin DCG
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
Re: HTTPS
Posted by Todd O'Bryan <to...@mac.com>.
Thank you, Fermin. Finally, I was able to download your classes that
implement secure versions of forms, links, and pages.
Shouldn't this be something in the core of Tapestry. Isn't deciding
which pages/parts of pages need to be served securely exactly the kind
of thing that a webapp developer should do? And since I don't have to
deal with my server.xml or web.xml files because I'm using the Tapestry
alternates, does it make sense for me to have to look in there to
figure out how to tell my servlet container to serve pages, especially
when I haven't the foggiest idea how Tapestry is going to make the URLs
look anyway?
Fermin seems to have the right idea. If you need a Page to be secure,
have it inherit from a SecurePage class. If you want a form to be
secure, have it inherit from SecureForm. Now maybe you can't guarantee
that your webapp will be deployed correctly so that these are really
secure, but you could have them print nasty warning messages if they
weren't secure (something like, "This page is not secure. Anything you
see could be intercepted easily by a third party.") which would
encourage the people on the deploying end to get things right.
Todd
On Oct 5, 2004, at 5:50 PM, F Da Costa wrote:
> Todd O'Bryan wrote:
>> How do I specify that I'd like a page to be encrypted?
>> I found a message on the mailing list archive that said to use the
>> scheme attribute, but it didn't say which element where to attach it
>> to. Google searches for Tapestry scheme were fruitless as was looking
>> in the index of Tapestry in Action for HTTPS, secure, and scheme.
> I'm not sure how you searched but in the "How to use PageLink to get
> to a secure HTTPS page?" thread you might find something usefull.
>
> Fermin DCG
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: HTTPS
Posted by Todd O'Bryan <to...@mac.com>.
I went to Tapestry's home page. I clicked on Mailing Lists. I clicked
on Archives. I typed "HTTPS PageLink" in the search box, with both
Search Subjects and Search Body and neither one came up with this
thread. Aaaaaaaiiiiiiihhhhhh!!!!!
On the other hand, when I go to
http://marc.theaimsgroup.com/?l=tapestry-user&r=1&w=2 as suggested by
Jon Newton, the mentioned thread appears without a problem. So, why
does the official Jakarta archive suck?
Todd
On Oct 5, 2004, at 5:50 PM, F Da Costa wrote:
> Todd O'Bryan wrote:
>> How do I specify that I'd like a page to be encrypted?
>> I found a message on the mailing list archive that said to use the
>> scheme attribute, but it didn't say which element where to attach it
>> to. Google searches for Tapestry scheme were fruitless as was looking
>> in the index of Tapestry in Action for HTTPS, secure, and scheme.
> I'm not sure how you searched but in the "How to use PageLink to get
> to a secure HTTPS page?" thread you might find something usefull.
>
> Fermin DCG
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: HTTPS
Posted by F Da Costa <da...@xs4all.nl>.
Todd O'Bryan wrote:
> How do I specify that I'd like a page to be encrypted?
>
> I found a message on the mailing list archive that said to use the
> scheme attribute, but it didn't say which element where to attach it to.
> Google searches for Tapestry scheme were fruitless as was looking in the
> index of Tapestry in Action for HTTPS, secure, and scheme.
>
I'm not sure how you searched but in the "How to use PageLink to get to
a secure HTTPS page?" thread you might find something usefull.
Fermin DCG
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org