You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by Joel Trunick <Jo...@SmartPrice.com> on 2003/06/27 17:27:31 UTC

Secure (https) or non-secure (http)

Is there a way to tell when a page is rendered whether it was requested in
Secure or non-secure format?

J

Re: Secure (https) or non-secure (http)

Posted by Mark Rose <mr...@docent.com>.

Joel Trunick wrote:

> Is there a way to tell when a page is rendered whether it was requested
> in
> Secure or non-secure format?
> 
> J
> 

Yes, but...

Short answer: You can tell when the Web server for this servlet 
container is communicating to its client using "https:" by

     cycle.getRequestContext().getRequest().isSecure()

in render() or beginResponse(), e.g.

Longer answer: If you product is sold to customers, you have much less 
control over how the product is deployed. In particular, there may be 
one or more intermediate servers between the servlet container and the 
browser: proxy servers, reverse proxy servers, etc., which can obscure 
the actual protocol used for the "long leg" of the transfer. Sometimes 
the only reliable way I've found to determine the protocol is to use 
client-side JavaScript to add a parameter to the query string or POST 
data indicating that the browser is using "https:".

Mark
-- 
Mark Rose
650.962.5665
mailto:mrose@docent.com

RE: Secure (https) or non-secure (http)

Posted by "Howard M. Lewis Ship" <hl...@attbi.com>.

That information is available from the Servlet API HttpServletRequest object.

--
Howard M. Lewis Ship
Creator, Tapestry: Java Web Components
http://jakarta.apache.org/tapestry



> -----Original Message-----
> From: Joel Trunick [mailto:Joel@SmartPrice.com] 
> Sent: Friday, June 27, 2003 11:28 AM
> To: 'Tapestry users'
> Subject: Secure (https) or non-secure (http)
> 
> 
> 
> Is there a way to tell when a page is rendered whether it was 
> requested in Secure or non-secure format?
> 
> J
>