You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Inge Solvoll <in...@gmail.com> on 2009/05/23 07:02:48 UTC
Re: Staying in secure or non-secure mode rather than autoswitching
based on @secure
This should do the trick :)
You can probably do the same thing more intuitively by advising the
RequestSecurityManager. I just didn't bother to change my working
implementation.
public static void contributeAlias(Configuration<AliasContribution>
configuration, @InjectService("Request") Request request,
@InjectService("BaseURLSource") BaseURLSource baseURLSource) {
RequestSecurityManager manager = new MyRequestSecurityManager(request,
baseURLSource);
configuration.add(AliasContribution.create(RequestSecurityManager.class,
manager));
}
public class MyRequestSecurityManager implements RequestSecurityManager {
private final Request request;
private final BaseURLSource baseURLSource;
public MyRequestSecurityManager(Request request, BaseURLSource
baseURLSource) {
this.request = request;
this.baseURLSource = baseURLSource;
}
public boolean checkForInsecureRequest(String pageName) throws IOException
{
return false;
}
public String getBaseURL(String pageName) {
return baseURLSource.getBaseURL(request.isSecure());
}
}
On Sat, May 23, 2009 at 5:32 AM, kartweel <rh...@exemail.com.au> wrote:
>
> Hi,
>
> I basically want to switch off tapestry's auto switching between secure and
> non-secure and keep it in the same "mode" as the current request instead of
> generating full URLs and changing it to http. I need internal access via
> http or https and external access firewalled to allow https only.
>
> I could just override the base Url as in the docs
> (http://tapestry.apache.org/tapestry5.1/guide/secure.html) but what I
> really
> need is just to turn off/modify the feature so once in https, everything is
> https.
>
> Anyone got any pointers?
>
> Cheers,
>
> Ryan
> --
> View this message in context:
> http://www.nabble.com/Staying-in-secure-or-non-secure-mode-rather-than-autoswitching-based-on-%40secure-tp23681100p23681100.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: Staying in secure or non-secure mode rather than autoswitching
based on @secure
Posted by Inge Solvoll <in...@gmail.com>.
Haven't tested this one, but it looks simple and ok to me.
public static void adviseRequestSecurityManager(MethodAdviceReceiver
receiver, final Request request, final BaseURLSource baseURLSource, Logger
log) {
try {
Method checkForInsecureRequest =
receiver.getInterface().getMethod("checkForInsecureRequest", String.class);
receiver.adviseMethod(checkForInsecureRequest, new MethodAdvice() {
public void advise(Invocation invocation) {
invocation.overrideResult(false);
}
});
Method getBaseURL = receiver.getInterface().getMethod("getBaseURL",
String.class);
receiver.adviseMethod(getBaseURL, new MethodAdvice() {
public void advise(Invocation invocation) {
String url = baseURLSource.getBaseURL(request.isSecure());
invocation.overrideResult(url);
}
});
}
catch (NoSuchMethodException e) {
log.error("Error trying to advise T5 https system", e);
}
}
On Sat, May 23, 2009 at 7:02 AM, Inge Solvoll <in...@gmail.com>wrote:
> This should do the trick :)
>
> You can probably do the same thing more intuitively by advising the
> RequestSecurityManager. I just didn't bother to change my working
> implementation.
>
> public static void contributeAlias(Configuration<AliasContribution>
> configuration, @InjectService("Request") Request request,
> @InjectService("BaseURLSource") BaseURLSource baseURLSource) {
> RequestSecurityManager manager = new MyRequestSecurityManager(request,
> baseURLSource);
>
> configuration.add(AliasContribution.create(RequestSecurityManager.class,
> manager));
> }
>
> public class MyRequestSecurityManager implements RequestSecurityManager {
>
> private final Request request;
> private final BaseURLSource baseURLSource;
>
> public MyRequestSecurityManager(Request request, BaseURLSource
> baseURLSource) {
> this.request = request;
> this.baseURLSource = baseURLSource;
> }
>
> public boolean checkForInsecureRequest(String pageName) throws
> IOException {
> return false;
> }
>
> public String getBaseURL(String pageName) {
> return baseURLSource.getBaseURL(request.isSecure());
>
> }
> }
>
>
> On Sat, May 23, 2009 at 5:32 AM, kartweel <rh...@exemail.com.au> wrote:
>
>>
>> Hi,
>>
>> I basically want to switch off tapestry's auto switching between secure
>> and
>> non-secure and keep it in the same "mode" as the current request instead
>> of
>> generating full URLs and changing it to http. I need internal access via
>> http or https and external access firewalled to allow https only.
>>
>> I could just override the base Url as in the docs
>> (http://tapestry.apache.org/tapestry5.1/guide/secure.html) but what I
>> really
>> need is just to turn off/modify the feature so once in https, everything
>> is
>> https.
>>
>> Anyone got any pointers?
>>
>> Cheers,
>>
>> Ryan
>> --
>> View this message in context:
>> http://www.nabble.com/Staying-in-secure-or-non-secure-mode-rather-than-autoswitching-based-on-%40secure-tp23681100p23681100.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
Re: Staying in secure or non-secure mode rather than autoswitching
based on @secure
Posted by kartweel <rh...@exemail.com.au>.
Cheers,
I changed this to return null instead too.
public String getBaseURL(String pageName) {
return baseURLSource.getBaseURL(request.isSecure());
}
Ryan
Inge Solvoll-2 wrote:
>
> This should do the trick :)
>
> You can probably do the same thing more intuitively by advising the
> RequestSecurityManager. I just didn't bother to change my working
> implementation.
>
> public static void contributeAlias(Configuration<AliasContribution>
> configuration, @InjectService("Request") Request request,
> @InjectService("BaseURLSource") BaseURLSource baseURLSource) {
> RequestSecurityManager manager = new MyRequestSecurityManager(request,
> baseURLSource);
>
> configuration.add(AliasContribution.create(RequestSecurityManager.class,
> manager));
> }
>
> public class MyRequestSecurityManager implements RequestSecurityManager {
>
> private final Request request;
> private final BaseURLSource baseURLSource;
>
> public MyRequestSecurityManager(Request request, BaseURLSource
> baseURLSource) {
> this.request = request;
> this.baseURLSource = baseURLSource;
> }
>
> public boolean checkForInsecureRequest(String pageName) throws
> IOException
> {
> return false;
> }
>
> public String getBaseURL(String pageName) {
> return baseURLSource.getBaseURL(request.isSecure());
> }
> }
>
>
--
View this message in context: http://www.nabble.com/Staying-in-secure-or-non-secure-mode-rather-than-autoswitching-based-on-%40secure-tp23681100p23682272.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org