You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by gg...@apache.org on 2002/10/23 19:16:04 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/util/template BaseJetspeedLink.java ContentTemplateLink.java
ggolden 2002/10/23 10:16:04
Modified: src/java/org/apache/jetspeed/util/template
BaseJetspeedLink.java ContentTemplateLink.java
Log:
Added a site level setting option to force all Jetspeed created links to be secure.
To extend Turbine's "use.ssl" for links, we can now include in the
TurbineResources.properties or JetspeedResources.properties:
force.ssl=true
If this is done, all links made with the JetspeedLink (i.e. $jlink in velocity)
or the ContextTemplateLink (i.e. $clink in velocity) will be forced to use ssl
(https).
"use.ssl" must be set to true else the force.ssl will be ignored.
If missing, this defaults to "false".
Revision Changes Path
1.16 +7 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/util/template/BaseJetspeedLink.java
Index: BaseJetspeedLink.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/util/template/BaseJetspeedLink.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- BaseJetspeedLink.java 17 Aug 2002 00:02:24 -0000 1.15
+++ BaseJetspeedLink.java 23 Oct 2002 17:16:04 -0000 1.16
@@ -937,6 +937,12 @@
if (uri == null)
uri = new DynamicURI( rundata);
+ // check if we need to force to a secure (https) link
+ if (JetspeedResources.getBoolean("force.ssl", false))
+ {
+ uri.setSecure();
+ }
+
return uri;
}
1.6 +16 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/util/template/ContentTemplateLink.java
Index: ContentTemplateLink.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/util/template/ContentTemplateLink.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ContentTemplateLink.java 3 Jan 2002 19:00:47 -0000 1.5
+++ ContentTemplateLink.java 23 Oct 2002 17:16:04 -0000 1.6
@@ -58,6 +58,7 @@
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.DynamicURI;
import org.apache.turbine.services.pull.ApplicationTool;
+import org.apache.jetspeed.services.resources.JetspeedResources;
/**
* A customized version of the DynamicURI for linking to non-servlet
@@ -91,6 +92,7 @@
public ContentTemplateLink (RunData data)
{
super(data);
+ initForceSecure();
initContextPath(data);
}
@@ -104,6 +106,7 @@
public void init(Object data)
{
super.init((RunData)data);
+ initForceSecure();
initContextPath(data);
}
@@ -127,6 +130,18 @@
* null.
*/
contextPath = "";
+ }
+ }
+
+ /**
+ * Inits the force secure setting.
+ */
+ protected void initForceSecure()
+ {
+ // check if we need to force to a secure (https) link
+ if (JetspeedResources.getBoolean("force.ssl", false))
+ {
+ setSecure();
}
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/util/template BaseJetspeedLink.java ContentTemplateLink.java
Posted by David Sean Taylor <da...@bluesunrise.com>.
> -----Original Message-----
> From: ggolden@apache.org [mailto:ggolden@apache.org]
> Sent: Wednesday, October 23, 2002 10:16 AM
> To: jakarta-jetspeed-cvs@apache.org
> Subject: cvs commit:
> jakarta-jetspeed/src/java/org/apache/jetspeed/util/template
> BaseJetspeedLink.java ContentTemplateLink.java
>
>
> ggolden 2002/10/23 10:16:04
>
> Modified: src/java/org/apache/jetspeed/util/template
> BaseJetspeedLink.java ContentTemplateLink.java
> Log:
> Added a site level setting option to force all Jetspeed created
> links to be secure.
>
> To extend Turbine's "use.ssl" for links, we can now include in the
> TurbineResources.properties or JetspeedResources.properties:
>
> force.ssl=true
>
> If this is done, all links made with the JetspeedLink (i.e.
> $jlink in velocity)
> or the ContextTemplateLink (i.e. $clink in velocity) will be
> forced to use ssl
> (https).
>
> "use.ssl" must be set to true else the force.ssl will be ignored.
>
> If missing, this defaults to "false".
>
Very cool.
Have you found any other issues with SSL...
I imagine we have to do the same for JSP now?
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>