Posted to users@tapestry.apache.org by "F. Da Costa" <da...@xs4all.nl> on 2004/03/12 01:48:17 UTC
Re: Howto: turn ssl on and off (links & form done, images left)
Paul Ferraro wrote:
> Yes. As long as you are not prepopulating the form with data that needs
> to be transmitted securely, then the presentation does not have to be
> secure. The form submission will be secure as long as the form action
> specifies an https address.
Got the SecureForm ready. Comes with the suggested 'plop' functionality.
The only thing left now is to get Jetty to actually find my images again so
I can complete it.
Once finished I'll put it on the list. Maybe it could be of interest to
others or a better developer can improve upon the code. ;-)
Fermin
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> 1.) Yes. That was the intent of the code I included earlier in this
>>> correspondence. Here's an elaboration...
>>>
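>>> import org.apache.tapestry.PageRedirectException;
>>> import org.apache.tapestry.event.PageEvent;
>>> import org.apache.tapestry.event.PageValidateListener;
>>> import org.apache.tapestry.html.BasePage;
>>>
>>> public abstract class SecuredPage extends BasePage implements PageValidateListener
>>> {
>>>     // PageValidateListener callback: reject requests that did not arrive over SSL.
>>>     public void pageValidate(PageEvent event)
>>>     {
>>>         if (!event.getRequestCycle().getRequestContext().getRequest().isSecure())
>>>         {
>>>             throw new PageRedirectException("SSLRequiredErrorPage");
>>>         }
>>>         // ...
>>>     }
>>> }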
>>
>>
>>
>> Hmm, I just finished making 5 additional secureLink(s).
>> SecurePageLink, etc. Basically I figured (but I might be a bit off
>> here) that a page is to be used in a secured fashion (always) or it's
>> not. For myself I haven't come up with a page that needs to be secure
>> at one moment and normal the next.
>>
>>>
>>> 2.) Yup. Just plop https://... into the form action.
>>>
>>> <form action="https://myserver.com/app/..." method="post">
>>> ....
>>> </form>
>>>
>>> Like I said before, I don't think there are appropriate hooks in
>>> Tapestry's Form component that would enable the generation of an
>>> absolute URL (a la AbsoluteLinkRenderer). That is why I suggested
>>> creating a custom component that extends the form component to
>>> provide this functionality. And again, I think that this is a common
>>> enough requirement that it should be a feature of the framework.
>>>
>> Ok, this looks doable. Just want to make 1 thing sure before I embark
>> on another one of my infamous side-trips ;-).
>> The moment this 'secured form' is embedded in an otherwise unsecured
>> page its data gets submitted securely? Is this correct?
>>
>> Fermin
>>
>>> Let us know how it works out...
>>>
>>> Paul Ferraro
>>>
>>>
>>> F. Da Costa wrote:
>>>
>>>> Paul Ferraro wrote:
>>>>
>>>>> Cool - I didn't know that existed. The equivalent mechanism for
>>>>> customizing form actions is still unknown to me - Form components
>>>>> don't have renderer hooks. Let me know if you come across anything.
>>>>>
>>>>> To get Jetty to respond to SSL requests, you need to add the
>>>>> appropriate listener to your jetty.xml or custom jetty config
>>>>> file. The default config file in $JETTY_HOME/etc/jetty.xml
>>>>> includes a commented-out sample SSL listener:
>>>>>
>>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>>   <!-- Add a HTTPS SSL listener on port 8443                           -->
>>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>>   <!-- UNCOMMENT TO ACTIVATE
>>>>>   <Call name="addListener">
>>>>>     <Arg>
>>>>>       <New class="org.mortbay.http.SunJsseListener">
>>>>>         <Set name="Port">8443</Set>
>>>>>         <Set name="PoolName">main</Set>
>>>>>         <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/demokeystore</Set>
>>>>>         <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>>>>         <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>>>>         <Set name="NonPersistentUserAgent">MSIE 5</Set>
>>>>>       </New>
>>>>>     </Arg>
>>>>>   </Call>
>>>>>   -->
>>>>>
>>>>> You can probably figure it out from there... :)
>>>>>
>>>> I did and attached the jetty.xml.
>>>> Although I think that Geoff might actually include it into Spindle
>>>> as well (just making life easier) ;-).
>>>>
>>>> Just two more things to figure out though.
>>>>
>>>> 1. What is the easiest way to make sure that a connection stays in
>>>> ssl mode until it is ok to get out again?
>>>>
>>>> Would it suffice to create an abstract SecuredPage from which the
>>>> pages that need to be secure are derived?
>>>>
>>>> 2. If I have a form on an insecure page, can I then submit it
>>>> securely? I believe it can be done 'normally' by throwing it at a
>>>> 'secure' servlet but I'm admittedly hazy on this. An example of this
>>>> would be the large style.tigris.org page in which they reserve the
>>>> top right corner for login purposes.
>>>>
>>>> Any takers?
>>>>
>>>> TIA
>>>>
>>>> Fermin
>>>>
>>>>
>>>>> Paul Ferraro
>>>>>
>>>>> F. Da Costa wrote:
>>>>>
>>>>>> Paul Ferraro wrote:
>>>>>>
>>>>>>> That's a great question actually.
>>>>>>> I don't think tapestry has simple hooks in the Form and various
>>>>>>> link components to change the url scheme (i.e. http -> https).
>>>>>>> For the links
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> <?xml version="1.0"?>
>>>> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure 1.2//EN"
>>>>   "http://jetty.mortbay.org/configure_1_2.dtd">
>>>>
>>>> <!-- =============================================================== -->
>>>> <!-- Configure the Jetty Server                                      -->
>>>> <!-- =============================================================== -->
>>>> <Configure class="org.mortbay.jetty.Server">
>>>>
>>>>   <!-- =============================================================== -->
>>>>   <!-- Configure the Request Listeners                                 -->
>>>>   <!-- =============================================================== -->
>>>>
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- Add and configure a HTTP listener to port 8080                  -->
>>>>   <!-- The default port can be changed using: java -Djetty.port=80     -->
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <Call name="addListener">
>>>>     <Arg>
>>>>       <New class="org.mortbay.http.SocketListener">
>>>>         <Set name="Port"><SystemProperty name="jetty.port" default="8080"/></Set>
>>>>         <Set name="MinThreads">10</Set>
>>>>         <Set name="MaxThreads">100</Set>
>>>>         <Set name="MaxIdleTimeMs">30000</Set>
>>>>         <Set name="LowResourcePersistTimeMs">5000</Set>
>>>>         <Set name="ConfidentialPort">8443</Set>
>>>>         <Set name="IntegralPort">8443</Set>
>>>>       </New>
>>>>     </Arg>
>>>>   </Call>
>>>>
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- Add a HTTPS SSL listener on port 8443                           -->
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- UNCOMMENT TO ACTIVATE -->
>>>>   <Call name="addListener">
>>>>     <Arg>
>>>>       <New class="org.mortbay.http.SunJsseListener">
>>>>         <Set name="Port">8443</Set>
>>>>         <Set name="MinThreads">5</Set>
>>>>         <Set name="MaxThreads">100</Set>
>>>>         <Set name="MaxIdleTimeMs">30000</Set>
>>>>         <Set name="LowResourcePersistTimeMs">2000</Set>
>>>>         <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/demokeystore</Set>
>>>>         <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>>>         <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>>>       </New>
>>>>     </Arg>
>>>>   </Call>
>>>>
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- Add a AJP13 listener on port 8009                               -->
>>>>   <!-- This protocol can be used with mod_jk in apache, IIS etc.       -->
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- UNCOMMENT TO ACTIVATE
>>>>   <Call name="addListener">
>>>>     <Arg>
>>>>       <New class="org.mortbay.http.ajp.AJP13Listener">
>>>>         <Set name="Port">8009</Set>
>>>>         <Set name="MinThreads">5</Set>
>>>>         <Set name="MaxThreads">20</Set>
>>>>         <Set name="MaxIdleTimeMs">0</Set>
>>>>         <Set name="confidentialPort">443</Set>
>>>>       </New>
>>>>     </Arg>
>>>>   </Call>
>>>>   -->
>>>>
>>>>   <!-- =============================================================== -->
>>>>   <!-- Configure the Contexts                                          -->
>>>>   <!-- =============================================================== -->
>>>>
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- Add all web applications within the webapps directory.          -->
>>>>   <!-- + No virtual host specified                                     -->
>>>>   <!-- + Look in the webapps directory relative to jetty.home or .     -->
>>>>   <!-- + Use the webdefault.xml resource for the defaults descriptor   -->
>>>>   <!-- + Unpack the war file                                           -->
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!--Set name="rootWebApp">app</Set>
>>>>   <Call name="addWebApplications">
>>>>     <Arg>context</Arg>
>>>>     <Arg><SystemProperty name="jetty.home" default="."/>file://../eclipse3/workspace/tests/context/</Arg>
>>>>     <Arg>org/mortbay/jetty/servlet/webdefault.xml</Arg>
>>>>     <Arg>context/WEB-INF/web.xml</Arg>
>>>>     <Arg type="boolean">true</Arg>
>>>>   </Call-->
>>>>
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- Add and configure a specific web application                    -->
>>>>   <!-- + Set Unpack WAR files                                          -->
>>>>   <!-- + Set Default Descriptor. Resource, file or URL                 -->
>>>>   <!-- + Set Virtual Hosts. A Null host or empty array means all hosts -->
>>>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>>>   <!-- UNCOMMENT TO ACTIVATE -->
>>>>   <Call name="addWebApplication">
>>>>     <Arg>localhost</Arg>
>>>>     <Arg>/</Arg>
>>>>     <Arg>/</Arg>
>>>>
>>>>     <Set name="extractWAR">false</Set>
>>>>     <Set name="defaultsDescriptor">./context/WEB-INF/web.xml</Set>
>>>>
>>>>     <!--Set name="virtualHosts">
>>>>       <Array type="java.lang.String">
>>>>         <Item>127.0.0.1</Item>
>>>>         <Item>localhost</Item>
>>>>       </Array>
>>>>     </Set-->
>>>>   </Call>
>>>>
>>>>   <!-- =============================================================== -->
>>>>   <!-- Configure the Request Log                                       -->
>>>>   <!-- =============================================================== -->
>>>>   <Set name="RequestLog">
>>>>     <New class="org.mortbay.http.NCSARequestLog">
>>>>       <Arg><SystemProperty name="jetty.home" default="."/>/logs/yyyy_mm_dd.request.log</Arg>
>>>>       <Set name="retainDays">90</Set>
>>>>       <Set name="append">true</Set>
>>>>       <Set name="extended">false</Set>
>>>>       <Set name="buffered">false</Set>
>>>>       <Set name="LogTimeZone">GMT</Set>
>>>>     </New>
>>>>   </Set>
>>>>
>>>>   <!-- =============================================================== -->
>>>>   <!-- Configure the Other Server Options                              -->
>>>>   <!-- =============================================================== -->
>>>>   <Set name="requestsPerGC">2000</Set>
>>>>   <Set name="statsOn">true</Set>
>>>>
>>>> </Configure>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
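
Added example, not code from this thread or from Tapestry: a servlet filter that applies the same isSecure() test as the SecuredPage class quoted above, but at the container level, so it also covers the URL that a form posts to. The class name RequireSslFilter and the init parameters httpsHost and httpsPort are assumptions made for the example; 8443 is the SSL listener port from the attached jetty.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: only lets requests through that arrived over SSL. */
public class RequireSslFilter implements Filter {
    private String httpsHost; // init-param "httpsHost" (assumed name)
    private int httpsPort;    // init-param "httpsPort" (assumed name), e.g. 8443

    public void init(FilterConfig cfg) throws ServletException {
        httpsHost = cfg.getInitParameter("httpsHost");
        String port = cfg.getInitParameter("httpsPort");
        if (httpsHost == null || port == null) {
            throw new ServletException("httpsHost and httpsPort must be configured");
        }
        httpsPort = Integer.parseInt(port);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (req.isSecure()) {
            chain.doFilter(rq, rs);
            return;
        }
        String method = req.getMethod();
        if ("GET".equals(method) || "HEAD".equals(method)) {
            // Build the target from configured values, not from the Host header.
            StringBuilder url = new StringBuilder("https://").append(httpsHost);
            if (httpsPort != 443) url.append(':').append(httpsPort);
            url.append(req.getRequestURI());
            if (req.getQueryString() != null) url.append('?').append(req.getQueryString());
            res.sendRedirect(url.toString());
        } else {
            // A POST that arrived over http has already sent its body in the clear;
            // a redirect would hide that, so refuse it and let the error surface.
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "SSL required");
        }
    }

    public void destroy() { }
}
```

Map the filter in web.xml to the URL patterns that receive sensitive form posts. The declarative alternative is a security-constraint with transport-guarantee CONFIDENTIAL, which relies on the ConfidentialPort value set on the HTTP listener.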