You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Borut Bolčina <bo...@gmail.com> on 2009/03/18 12:40:39 UTC
Re: [T5] Form submission via POST and problem under HTTPS
Hello,
I am using 5.0.18 and want to conditionally deploy my web app for http
(development) and https (production) without changing source code - that is
putting @Secure on page class.
I tried
public void contributeMetaDataLocator(MappedConfiguration<String,
String> configuration,
@Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode)
{
if (productionMode) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
} else {
configuration.add(MetaDataConstants.SECURE_PAGE, "false");
}
}
but this does not work. If I put @Secure on my page classes the form
submission works under https in production environment. I know 5.1
introduced "configurable" @Secure but using snapshot version is not an
option.
What is wrong with the above method?
Cheers,
Borut
2008/11/13 natamah <ma...@db.com>
>
> Eric,
>
> I found a way around this, by adding a method to AppModule.java under
> com.db.dbiq.services.
>
> public void contributeMetaDataLocator(MappedConfiguration<String,String>
> configuration)
> {
> if (HttpHelper.isProduction()) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> }
> else {
> configuration.add(MetaDataConstants.SECURE_PAGE, "false");
> }
> }
>
> In my case, the production sites are secure and the development ones are
> not. You can substitute HttpHelper.isProduction() with some relevant code.
>
> There is also a way to secure individual pages by adding the @Secure
> notation but my local testing got
> disturbed when I used this notation.
>
> Hope this helps.
>
> Mahesh.
>
>
>
> Eric Ma wrote:
> >
> > Running version 5.0.15.
> >
> > Form submission works well in HTTP. Under HTTPS, T5 complains "Error:
> > Forms require that the request method be POST and that the t:formdata
> > query parameter have values.".
> >
> > It seems 5.0.15 introduced a feature to block form GET. See
> > https://issues.apache.org/jira/browse/TAPESTRY-2563.
> >
> > Any suggestions how to work around this?
> >
> > Thanks,
> >
>
> --
> View this message in context:
> http://www.nabble.com/-T5--Form-submission-via-POST-and-problem-under-HTTPS-tp19925747p20481672.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: [T5] Form submission via POST and problem under HTTPS
Posted by Borut Bolčina <bo...@gmail.com>.
My bad, the code bellow works just fine, the Tomcat had a switch
-Dtapestry.production-mode=false (I was ooking at the wrong Tomcat
instance).
I think there is an error in at
http://tapestry.apache.org/tapestry5/guide/secure.html:
If you want to make your entire application secure:
public void contributeMetaDataLocator(MappedConfiguration<String,String>
configuration)
{
configuration.put(TapestryConstants.SECURE_PAGE, "true");
}
The code above does not compile under 5.0.18.
Cheers,
Borut
2009/3/18 Borut Bolčina <bo...@gmail.com>
>
> Hello,
>
> I am using 5.0.18 and want to conditionally deploy my web app for http (development) and https (production) without changing source code - that is putting @Secure on page class.
>
> I tried
>
> public void contributeMetaDataLocator(MappedConfiguration<String, String> configuration,
> @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
> if (productionMode) {
> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
> } else {
> configuration.add(MetaDataConstants.SECURE_PAGE, "false");
> }
> }
>
> but this does not work. If I put @Secure on my page classes the form submission works under https in production environment. I know 5.1 introduced "configurable" @Secure but using snapshot version is not an option.
>
> What is wrong with the above method?
>
> Cheers,
> Borut
>
> 2008/11/13 natamah <ma...@db.com>
>>
>> Eric,
>>
>> I found a way around this, by adding a method to AppModule.java under
>> com.db.dbiq.services.
>>
>> public void contributeMetaDataLocator(MappedConfiguration<String,String>
>> configuration)
>> {
>> if (HttpHelper.isProduction()) {
>> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>> }
>> else {
>> configuration.add(MetaDataConstants.SECURE_PAGE, "false");
>> }
>> }
>>
>> In my case, the production sites are secure and the development ones are
>> not. You can substitute HttpHelper.isProduction() with some relevant code.
>>
>> There is also a way to secure individual pages by adding the @Secure
>> notation but my local testing got
>> disturbed when I used this notation.
>>
>> Hope this helps.
>>
>> Mahesh.
>>
>>
>>
>> Eric Ma wrote:
>> >
>> > Running version 5.0.15.
>> >
>> > Form submission works well in HTTP. Under HTTPS, T5 complains "Error:
>> > Forms require that the request method be POST and that the t:formdata
>> > query parameter have values.".
>> >
>> > It seems 5.0.15 introduced a feature to block form GET. See
>> > https://issues.apache.org/jira/browse/TAPESTRY-2563.
>> >
>> > Any suggestions how to work around this?
>> >
>> > Thanks,
>> >
>>
>> --
>> View this message in context: http://www.nabble.com/-T5--Form-submission-via-POST-and-problem-under-HTTPS-tp19925747p20481672.html
>> Sent from the Tapestry - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org