You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "F. Da Costa" <da...@xs4all.nl> on 2004/03/10 01:01:27 UTC
Howto: turn ssl on and off
Hi,
This might seem like a silly question but how do i make sure a user gets
into ssl mode (and out again when he's finished)? I.e. how do i activate/
deactivate ssl in Tapestry?
Looked through the list & the site but couldn't find a mention.
TIA
Fermin DCG
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Library 'https' not found in application namespace
Posted by Paul Ferraro <pm...@columbia.edu>.
You need to use RedirectException, not PageRedirectException.
PageRedirectException accepts a page name. When it sees the colon, it
thinks that https is a library. e.g. if you were referencing a page in
a library you would use: throw new
PageRedirectException("myLibrary:MyPage");
P.S. I'm in the process of responding to your last email...
Paul
F. Da Costa wrote:
> Hi,
>
> Trying to start a secure session in a plain vanilla Tap with Spindle env.
> Nothing funky going on.
>
> The subject is the error i get when i do the following:
> PageRedirectException("https://lh:8080/app?service=page/LoginWelcome");
> or
> PageRedirectException("https://lh:8443/app?service=page/LoginWelcome");
>
> Which library do i need to include?
>
> TIA
> Fermin DCG
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Library 'https' not found in application namespace
Posted by "F. Da Costa" <da...@xs4all.nl>.
Hi,
Trying to start a secure session in a plain vanilla Tap with Spindle env.
Nothing funky going on.
The subject is the error i get when i do the following:
PageRedirectException("https://lh:8080/app?service=page/LoginWelcome");
or
PageRedirectException("https://lh:8443/app?service=page/LoginWelcome");
Which library do i need to include?
TIA
Fermin DCG
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> Cool - I didn't know that existed. The equivalent mechanism for
> customizing form actions is still unknown to me - Form components don't
> have renderer hooks. Let me know if you come across anything.
>
> To get Jetty to respond to SSL requests, you need to add the appropriate
> listener to your jetty.xml or customer jetty config file. The default
> config file in $JETTY_HOME/etc/jetty.xml includes a commented-out sample
> SSL listener:
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add a HTTPS SSL listener on port 8443 -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- UNCOMMENT TO ACTIVATE
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.SunJsseListener">
> <Set name="Port">8443</Set>
> <Set name="PoolName">main</Set>
> <Set name="Keystore"><SystemProperty name="jetty.home"
> default="."/>/etc/demokeystore</Set>
> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
> <Set name="NonPersistentUserAgent">MSIE 5</Set>
> </New>
> </Arg>
> </Call>
> -->
Been there and took care of it ;-)
>
> You can probably figure it out from there... :)
Already working on that. But i'd really like to start it from eclipse as
well (same as normal). I'm getting some boring can't find this nor that
errors. :-[.
Can't believe nobody else has ever used ssl with jetty from eclipse.
Oh well, i have to have it so ...
Fermin
>
> Paul Ferraro
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> That's a great question actually.
>>> I don't think tapestry has simple hooks in the Form and various link
>>> components to change the url scheme (i.e. http -> https). For the links
>>
>>
>> Not entirely correct. Judging by the way Tapestry has been put
>> together i could not imagine that something like this had not been put
>> in place.
>> As we are talkign about a renderer i started looking through the code
>> and came across the AbsoluteLinkRenderer. Using this you can set the
>> scheme (http, https, etc) for the link. :-)
>>
>> .java
>> private static AbsoluteLinkRenderer _secureRenderer;
>> public ILinkRenderer getSecureRenderer() {
>> if (_secureRenderer==null) {
>> _secureRenderer = new AbsoluteLinkRenderer();
>> _secureRenderer. setScheme("https");
>> _secureRenderer.setPort(8443);
>> }
>> return _secureRenderer;
>> }
>>
>> .html spec
>> <a jwcid="@PageLink" href="LoginPage.html" page="LoginPage"
>> renderer="ognl:secureRenderer" target="frmMain">To login page</a><br />
>>
>> Basically this should do the trick but i can't get Jetty to respond to
>> port 443 or 8443 yet.
>>
>> I guess its done once that has been resolved.
>> Any suggestions?
>>
>> Fermin
>>
>>> anyway, you can specifiy your own custom ILinkRenderer that adds
>>> "https://" and the server domain to the url of the link's href
>>> attribute. The Form component has no such option, so you would have
>>> to create a custom component that extends org.apache.tapestry.form.Form.
>>> I think a feature request isprobably in order here.
>>> Thinking a bit further, rather than adding options to existing
>>> components, it may make sense to create a separate SSL component
>>> library (like the sslext extension in Struts:
>>> http://sslext.sourceforge.net) that includes extensions of the form
>>> and link components and maybe new BasePage and BaseComponent objects.
>>> Does anyone else have any experience with adding SSL support to
>>> tapestry generated urls? Input from a Tapestry contributer would be
>>> greatly appreciated...
>>>
>>> Paul Ferraro
>>>
>>> F. Da Costa wrote:
>>>
>>>> Paul Ferraro wrote:
>>>>
>>>>> Comments inline...
>>>>> F. Da Costa wrote:
>>>>>
>>>>>> Thx Paul for the swift reply.
>>>>>>
>>>>>> But forgive my ignorance re. this subject (never had to go there
>>>>>> before)
>>>>>>
>>>>>> Paul Ferraro wrote:
>>>>>>
>>>>>>> Use the Servlet API:
>>>>>>>
>>>>>>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>>>>>>> {
>>>>>>> throw new PageRedirectException(...);
>>>>>>> }
>>>>>>>
>>>>>>> You might want to place this logic in the pageValidate(PageEvent)
>>>>>>> method of a base class for pages that require SSL. Activating
>>>>>>> SSL usually
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> The part of creating an abstract 'secure' baseclass i understand.
>>>>>> The Jetty stuff also seems pretty much ok (incl the keystore stuff
>>>>>> & keygeneration).
>>>>>>
>>>>>> The only thing that mystifies me is how the connection suddenly
>>>>>> goes into the secure mode. The PageRedirect thing i understand (i
>>>>>> think). I'm not imagining however that handing a 'secured' page to
>>>>>> the PageRedirectException will suddenly make the connection secure.
>>>>>> So, if you say Servlet API i can get the servlet and probably do
>>>>>> something with it but what. Do i need to extend the
>>>>>> ApplicationServlet?
>>>>>>
>>>>> The connection doesn't change into secure mode - rather, it is
>>>>> initiated in secure mode (i.e. url starts with https://). This is
>>>>> often done transparently to the user by redirecting a selected
>>>>> request to an https:// url,
>>>>> e.g.
>>>>> throw new RedirectException("https://www.myserver.com/app/...);
>>>>> .... but can also be done through a link or form action. The JSSE
>>>>
>>>>
>>>>
>>>>
>>>> Ahh, this is very elegant indeed (knowing Tapestry it had to be ;) )
>>>> If you say through a link or form action are you than referring to
>>>> 'putting https links in the rendered page'? If so how? Because i was
>>>> under the impression that only http:// was rendered. (granted i'm no
>>>> specialist).
>>>>
>>>> Thx again for the help. I'll make a small step through when i've got
>>>> it running properly for those that follow.
>>>>
>>>> Fermin
>>>>
>>>>
>>>>> listener will pick up the requests (typically port 443),
>>>>> authenticate the request, then pass the request off to your
>>>>> application. The servlet API was designed such that both secure
>>>>> and non-secure request look the same to a servlet, other than the
>>>>> value returned from javax.servlet.ServletRequest.isSecure().
>>>>>
>>>>> The code excerpt I included in the previous email was not meant to
>>>>> suddenly make the connection secure. Sorry for the confusion. It
>>>>> is simply a filter to ensure that the current request is using
>>>>> SSL. The PageRedirectException from the excerpt was meant to
>>>>> direct non-secure requests to some error page.
>>>>>
>>>>> Hope this helps,
>>>>>
>>>>> Paul
>>>>>
>>>>>> As you can see i am only partly following your suggestion.
>>>>>>
>>>>>>> requires a special socket listener in your servlet container
>>>>>>> (e.g. for Jetty you would configure a
>>>>>>> org.mortbay.http.SunJsseListener). See your server's
>>>>>>> documentation for details.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This bit is fine.
>>>>>>
>>>>>> I have an abstract class defined with the pageValidate stuff in
>>>>>> there.
>>>>>> I have got a handle on the servlet.
>>>>>>
>>>>>> And not a clue as to what to do next (though i reckon its not too
>>>>>> horrid) :-{
>>>>>> Hope there's a bit more help to spare.
>>>>>>
>>>>>> TIA
>>>>>>
>>>>>> Fermin
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Paul Ferraro
>>>>>>>
>>>>>>> F. Da Costa wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> This might seem like a silly question but how do i make sure a
>>>>>>>> user gets into ssl mode (and out again when he's finished)? I.e.
>>>>>>>> how do i activate/ deactivate ssl in Tapestry?
>>>>>>>>
>>>>>>>> Looked through the list & the site but couldn't find a mention.
>>>>>>>>
>>>>>>>> TIA
>>>>>>>>
>>>>>>>> Fermin DCG
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail:
>>>>>>>> tapestry-user-unsubscribe@jakarta.apache.org
>>>>>>>> For additional commands, e-mail:
>>>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail:
>>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail:
>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off (links & form done, images left)
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> Yes. As long as you are not prepopulating the form with data that needs
> to be transmitted securely, then the presentation does not have to be
> secure. The form submission will be secure as long as the form action
> specifies an https address.
Got the SecureForm ready. Comes with the suggested 'plop' funcionality.
The only thing left now is to get Jetty to actually find my images again so
i can complete it.
Once finished i'll put it on the list. Maybe it could be of interest of
others or a better developer can improve upon the code. ;-)
Fermin
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> 1.) Yes. That was the intent of the code I included earlier in this
>>> correspondence. Here's an elaboration...
>>>
>>> public abstract class SecuredPage extends BasePage implements
>>> PageValidateListener
>>> {
>>> public void validatePage(PageEvent event)
>>> {
>>> if
>>> (!event.getRequestCycle().getRequestContext().getRequest().isSecure())
>>> {
>>> throw new PageRedirectException("SSLRequiredErrorPage");
>>> }
>>> // ...
>>> }
>>> }
>>
>>
>>
>> Hmm, i just finished making 5 additional secureLink(s).
>> SecurePageLink, etc. Basically i figured (but i kight be a bit off
>> here) that a page is to be used in a secured fashion (always) or its
>> not. For myself i haven't come up with a page that needs to be secure
>> on one moment and normal the next.
>>
>>>
>>> 2.) Yup. Just plop https://... into the form action.
>>>
>>> <form action="https://myserver.com/app/..." method="post">
>>> ....
>>> </form>
>>>
>>> Like I said before, I don't think there are appropriate hooks in
>>> Tapestry's Form component that would enable the generation of an
>>> absolute URL (a la AbsoluteLinkRenderer). That is why I suggested
>>> creating a custom component that extends the form component to
>>> provide this functionality. And again, I think that this a common
>>> enough requirement that it should be a feature of the framework.
>>>
>> Ok, this looks doable. Just want to make 1 thing sure before i embark
>> on another one of my infamous side-trips ;-).
>> The moment this 'secured form' is embedded in an otherwise unsecured
>> page its data gets submitted securely? Is this correct?
>>
>> Fermin
>>
>>> Let us know how it works out...
>>>
>>> Paul Ferraro
>>>
>>>
>>> F. Da Costa wrote:
>>>
>>>> Paul Ferraro wrote:
>>>>
>>>>> Cool - I didn't know that existed. The equivalent mechanism for
>>>>> customizing form actions is still unknown to me - Form components
>>>>> don't have renderer hooks. Let me know if you come across anything.
>>>>>
>>>>> To get Jetty to respond to SSL requests, you need to add the
>>>>> appropriate listener to your jetty.xml or customer jetty config
>>>>> file. The default config file in $JETTY_HOME/etc/jetty.xml
>>>>> includes a commented-out sample SSL listener:
>>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>> - -->
>>>>> <!-- Add a HTTPS SSL listener on port
>>>>> 8443 -->
>>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>> - -->
>>>>> <!-- UNCOMMENT TO ACTIVATE
>>>>> <Call name="addListener">
>>>>> <Arg>
>>>>> <New class="org.mortbay.http.SunJsseListener">
>>>>> <Set name="Port">8443</Set>
>>>>> <Set name="PoolName">main</Set>
>>>>> <Set name="Keystore"><SystemProperty name="jetty.home"
>>>>> default="."/>/etc/demokeystore</Set>
>>>>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>>>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>>>> <Set name="NonPersistentUserAgent">MSIE 5</Set>
>>>>> </New>
>>>>> </Arg>
>>>>> </Call>
>>>>> -->
>>>>>
>>>>> You can probably figure it out from there... :)
>>>>>
>>>> I did and attached the jetty.xml.
>>>> Although i think that Geoff might actually include it into Spindle
>>>> as well (just making) life easier ;-).
>>>>
>>>> Just two more things to figure out though.
>>>>
>>>> 1. What is the easiest way to make sure that a connection stays in
>>>> ssl mode until it is ok to get out again?
>>>>
>>>> Would it suffice to create an abstract SecuredPage from which the
>>>> pages that need to be secure are derived?
>>>>
>>>> 2. If i have a form on an insecure page can i than submit it
>>>> securely. I believe it can be done 'normally' by throwing it at a
>>>> 'secure' servlet but i'm admittedly hazy on this. An example of this
>>>> would be the large style.tigris.org page in which they reserve the
>>>> top right corner for login purposes.
>>>>
>>>> Any takers?
>>>>
>>>> TIA
>>>>
>>>> Fermin
>>>>
>>>>
>>>>> Paul Ferraro
>>>>>
>>>>> F. Da Costa wrote:
>>>>>
>>>>>> Paul Ferraro wrote:
>>>>>>
>>>>>>> That's a great question actually.
>>>>>>> I don't think tapestry has simple hooks in the Form and various
>>>>>>> link components to change the url scheme (i.e. http -> https).
>>>>>>> For the links
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> <?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Mort Bay
>>>> Consulting//DTD Configure 1.2//EN"
>>>> "http://jetty.mortbay.org/configure_1_2.dtd">
>>>>
>>>>
>>>>
>>>> <!-- ===============================================================
>>>> -->
>>>> <!-- Configure the Jetty Server
>>>> -->
>>>> <!-- ===============================================================
>>>> -->
>>>> <Configure class="org.mortbay.jetty.Server">
>>>>
>>>> <!--
>>>> =============================================================== -->
>>>> <!-- Configure the Request
>>>> Listeners -->
>>>> <!--
>>>> =============================================================== -->
>>>>
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add and configure a HTTP listener to port
>>>> 8080 -->
>>>> <!-- The default port can be changed using: java
>>>> -Djetty.port=80 -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <Call name="addListener">
>>>> <Arg>
>>>> <New class="org.mortbay.http.SocketListener">
>>>> <Set name="Port"><SystemProperty name="jetty.port"
>>>> default="8080"/></Set>
>>>> <Set name="MinThreads">10</Set>
>>>> <Set name="MaxThreads">100</Set>
>>>> <Set name="MaxIdleTimeMs">30000</Set>
>>>> <Set name="LowResourcePersistTimeMs">5000</Set>
>>>> <Set name="ConfidentialPort">8443</Set>
>>>> <Set name="IntegralPort">8443</Set>
>>>> </New>
>>>> </Arg>
>>>> </Call>
>>>>
>>>>
>>>>
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add a HTTPS SSL listener on port
>>>> 8443 -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- UNCOMMENT TO ACTIVATE -->
>>>> <Call name="addListener">
>>>> <Arg>
>>>> <New class="org.mortbay.http.SunJsseListener">
>>>> <Set name="Port">8443</Set>
>>>> <Set name="MinThreads">5</Set>
>>>> <Set name="MaxThreads">100</Set>
>>>> <Set name="MaxIdleTimeMs">30000</Set>
>>>> <Set name="LowResourcePersistTimeMs">2000</Set>
>>>> <Set name="Keystore"><SystemProperty name="jetty.home"
>>>> default="."/>/etc/demokeystore</Set>
>>>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>>> </New>
>>>> </Arg>
>>>> </Call>
>>>>
>>>>
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add a AJP13 listener on port
>>>> 8009 -->
>>>> <!-- This protocol can be used with mod_jk in apache, IIS
>>>> etc. -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- UNCOMMENT TO ACTIVATE
>>>> <Call name="addListener">
>>>> <Arg>
>>>> <New class="org.mortbay.http.ajp.AJP13Listener">
>>>> <Set name="Port">8009</Set>
>>>> <Set name="MinThreads">5</Set>
>>>> <Set name="MaxThreads">20</Set>
>>>> <Set name="MaxIdleTimeMs">0</Set>
>>>> <Set name="confidentialPort">443</Set>
>>>> </New>
>>>> </Arg>
>>>> </Call>
>>>> -->
>>>>
>>>> <!--
>>>> =============================================================== -->
>>>> <!-- Configure the
>>>> Contexts -->
>>>> <!--
>>>> =============================================================== -->
>>>>
>>>>
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add a all web application within the webapps
>>>> directory. -->
>>>> <!-- + No virtual host
>>>> specified -->
>>>> <!-- + Look in the webapps directory relative to jetty.home or
>>>> . -->
>>>> <!-- + Use the webdefault.xml resource for the defaults
>>>> descriptor -->
>>>> <!-- + Upack the war
>>>> file -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!--Set name="rootWebApp">app</Set>
>>>> <Call name="addWebApplications">
>>>> <Arg>context</Arg>
>>>> <Arg><SystemProperty name="jetty.home"
>>>> default="."/>file://../eclipse3/workspace/tests/context/</Arg>
>>>> <Arg>org/mortbay/jetty/servlet/webdefault.xml</Arg>
>>>> <Arg>context/WEB-INF/web.xml</Arg>
>>>> <Arg type="boolean">true</Arg>
>>>> </Call-->
>>>>
>>>>
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add and configure a specific web
>>>> application -->
>>>> <!-- + Set Unpack WAR
>>>> files -->
>>>> <!-- + Set Default Descriptor. Resource, file or
>>>> URL -->
>>>> <!-- + Set Virtual Hosts. A Null host or empty array means all
>>>> hosts -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- UNCOMMENT TO ACTIVATE -->
>>>> <Call name="addWebApplication">
>>>> <Arg>localhost</Arg>
>>>> <Arg>/</Arg>
>>>> <Arg>/</Arg>
>>>>
>>>> <Set name="extractWAR">false</Set>
>>>> <Set name="defaultsDescriptor">./context/WEB-INF/web.xml</Set>
>>>>
>>>> <!--Set name="virtualHosts">
>>>> <Array type="java.lang.String">
>>>> <Item>127.0.0.1</Item>
>>>> <Item>localhost</Item>
>>>> </Array>
>>>> </Set-->
>>>> </Call>
>>>>
>>>> <!--
>>>> =============================================================== -->
>>>> <!-- Configure the Request
>>>> Log -->
>>>> <!--
>>>> =============================================================== -->
>>>> <Set name="RequestLog">
>>>> <New class="org.mortbay.http.NCSARequestLog">
>>>> <Arg><SystemProperty name="jetty.home"
>>>> default="."/>/logs/yyyy_mm_dd.request.log</Arg>
>>>> <Set name="retainDays">90</Set>
>>>> <Set name="append">true</Set>
>>>> <Set name="extended">false</Set>
>>>> <Set name="buffered">false</Set>
>>>> <Set name="LogTimeZone">GMT</Set>
>>>> </New>
>>>> </Set>
>>>>
>>>> <!--
>>>> =============================================================== -->
>>>> <!-- Configure the Other Server
>>>> Options -->
>>>> <!--
>>>> =============================================================== -->
>>>> <Set name="requestsPerGC">2000</Set>
>>>> <Set name="statsOn">true</Set>
>>>>
>>>> </Configure>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off (continuity & form left)
Posted by Paul Ferraro <pm...@columbia.edu>.
Yes. As long as you are not prepopulating the form with data that needs
to be transmitted securely, then the presentation does not have to be
secure. The form submission will be secure as long as the form action
specifies an https address.
F. Da Costa wrote:
> Paul Ferraro wrote:
>
>> 1.) Yes. That was the intent of the code I included earlier in this
>> correspondence. Here's an elaboration...
>>
>> public abstract class SecuredPage extends BasePage implements
>> PageValidateListener
>> {
>> public void validatePage(PageEvent event)
>> {
>> if
>> (!event.getRequestCycle().getRequestContext().getRequest().isSecure())
>> {
>> throw new PageRedirectException("SSLRequiredErrorPage");
>> }
>> // ...
>> }
>> }
>
>
> Hmm, i just finished making 5 additional secureLink(s).
> SecurePageLink, etc. Basically i figured (but i kight be a bit off
> here) that a page is to be used in a secured fashion (always) or its
> not. For myself i haven't come up with a page that needs to be secure
> on one moment and normal the next.
>
>>
>> 2.) Yup. Just plop https://... into the form action.
>>
>> <form action="https://myserver.com/app/..." method="post">
>> ....
>> </form>
>>
>> Like I said before, I don't think there are appropriate hooks in
>> Tapestry's Form component that would enable the generation of an
>> absolute URL (a la AbsoluteLinkRenderer). That is why I suggested
>> creating a custom component that extends the form component to
>> provide this functionality. And again, I think that this a common
>> enough requirement that it should be a feature of the framework.
>>
> Ok, this looks doable. Just want to make 1 thing sure before i embark
> on another one of my infamous side-trips ;-).
> The moment this 'secured form' is embedded in an otherwise unsecured
> page its data gets submitted securely? Is this correct?
>
> Fermin
>
>> Let us know how it works out...
>>
>> Paul Ferraro
>>
>>
>> F. Da Costa wrote:
>>
>>> Paul Ferraro wrote:
>>>
>>>> Cool - I didn't know that existed. The equivalent mechanism for
>>>> customizing form actions is still unknown to me - Form components
>>>> don't have renderer hooks. Let me know if you come across anything.
>>>>
>>>> To get Jetty to respond to SSL requests, you need to add the
>>>> appropriate listener to your jetty.xml or customer jetty config
>>>> file. The default config file in $JETTY_HOME/etc/jetty.xml
>>>> includes a commented-out sample SSL listener:
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- Add a HTTPS SSL listener on port
>>>> 8443 -->
>>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>> - -->
>>>> <!-- UNCOMMENT TO ACTIVATE
>>>> <Call name="addListener">
>>>> <Arg>
>>>> <New class="org.mortbay.http.SunJsseListener">
>>>> <Set name="Port">8443</Set>
>>>> <Set name="PoolName">main</Set>
>>>> <Set name="Keystore"><SystemProperty name="jetty.home"
>>>> default="."/>/etc/demokeystore</Set>
>>>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>>> <Set name="NonPersistentUserAgent">MSIE 5</Set>
>>>> </New>
>>>> </Arg>
>>>> </Call>
>>>> -->
>>>>
>>>> You can probably figure it out from there... :)
>>>>
>>> I did and attached the jetty.xml.
>>> Although i think that Geoff might actually include it into Spindle
>>> as well (just making) life easier ;-).
>>>
>>> Just two more things to figure out though.
>>>
>>> 1. What is the easiest way to make sure that a connection stays in
>>> ssl mode until it is ok to get out again?
>>>
>>> Would it suffice to create an abstract SecuredPage from which the
>>> pages that need to be secure are derived?
>>>
>>> 2. If i have a form on an insecure page can i than submit it
>>> securely. I believe it can be done 'normally' by throwing it at a
>>> 'secure' servlet but i'm admittedly hazy on this. An example of this
>>> would be the large style.tigris.org page in which they reserve the
>>> top right corner for login purposes.
>>>
>>> Any takers?
>>>
>>> TIA
>>>
>>> Fermin
>>>
>>>
>>>> Paul Ferraro
>>>>
>>>> F. Da Costa wrote:
>>>>
>>>>> Paul Ferraro wrote:
>>>>>
>>>>>> That's a great question actually.
>>>>>> I don't think tapestry has simple hooks in the Form and various
>>>>>> link components to change the url scheme (i.e. http -> https).
>>>>>> For the links
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> <?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Mort Bay
>>> Consulting//DTD Configure 1.2//EN"
>>> "http://jetty.mortbay.org/configure_1_2.dtd">
>>>
>>>
>>>
>>> <!-- ===============================================================
>>> -->
>>> <!-- Configure the Jetty Server
>>> -->
>>> <!-- ===============================================================
>>> -->
>>> <Configure class="org.mortbay.jetty.Server">
>>>
>>> <!--
>>> =============================================================== -->
>>> <!-- Configure the Request
>>> Listeners -->
>>> <!--
>>> =============================================================== -->
>>>
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- Add and configure a HTTP listener to port
>>> 8080 -->
>>> <!-- The default port can be changed using: java
>>> -Djetty.port=80 -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <Call name="addListener">
>>> <Arg>
>>> <New class="org.mortbay.http.SocketListener">
>>> <Set name="Port"><SystemProperty name="jetty.port"
>>> default="8080"/></Set>
>>> <Set name="MinThreads">10</Set>
>>> <Set name="MaxThreads">100</Set>
>>> <Set name="MaxIdleTimeMs">30000</Set>
>>> <Set name="LowResourcePersistTimeMs">5000</Set>
>>> <Set name="ConfidentialPort">8443</Set>
>>> <Set name="IntegralPort">8443</Set>
>>> </New>
>>> </Arg>
>>> </Call>
>>>
>>>
>>>
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- Add a HTTPS SSL listener on port
>>> 8443 -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- UNCOMMENT TO ACTIVATE -->
>>> <Call name="addListener">
>>> <Arg>
>>> <New class="org.mortbay.http.SunJsseListener">
>>> <Set name="Port">8443</Set>
>>> <Set name="MinThreads">5</Set>
>>> <Set name="MaxThreads">100</Set>
>>> <Set name="MaxIdleTimeMs">30000</Set>
>>> <Set name="LowResourcePersistTimeMs">2000</Set>
>>> <Set name="Keystore"><SystemProperty name="jetty.home"
>>> default="."/>/etc/demokeystore</Set>
>>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>> </New>
>>> </Arg>
>>> </Call>
>>>
>>>
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- Add a AJP13 listener on port
>>> 8009 -->
>>> <!-- This protocol can be used with mod_jk in apache, IIS
>>> etc. -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- UNCOMMENT TO ACTIVATE
>>> <Call name="addListener">
>>> <Arg>
>>> <New class="org.mortbay.http.ajp.AJP13Listener">
>>> <Set name="Port">8009</Set>
>>> <Set name="MinThreads">5</Set>
>>> <Set name="MaxThreads">20</Set>
>>> <Set name="MaxIdleTimeMs">0</Set>
>>> <Set name="confidentialPort">443</Set>
>>> </New>
>>> </Arg>
>>> </Call>
>>> -->
>>>
>>> <!--
>>> =============================================================== -->
>>> <!-- Configure the
>>> Contexts -->
>>> <!--
>>> =============================================================== -->
>>>
>>>
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- Add a all web application within the webapps
>>> directory. -->
>>> <!-- + No virtual host
>>> specified -->
>>> <!-- + Look in the webapps directory relative to jetty.home or
>>> . -->
>>> <!-- + Use the webdefault.xml resource for the defaults
>>> descriptor -->
>>> <!-- + Upack the war
>>> file -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!--Set name="rootWebApp">app</Set>
>>> <Call name="addWebApplications">
>>> <Arg>context</Arg>
>>> <Arg><SystemProperty name="jetty.home"
>>> default="."/>file://../eclipse3/workspace/tests/context/</Arg>
>>> <Arg>org/mortbay/jetty/servlet/webdefault.xml</Arg>
>>> <Arg>context/WEB-INF/web.xml</Arg>
>>> <Arg type="boolean">true</Arg>
>>> </Call-->
>>>
>>>
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- Add and configure a specific web
>>> application -->
>>> <!-- + Set Unpack WAR
>>> files -->
>>> <!-- + Set Default Descriptor. Resource, file or
>>> URL -->
>>> <!-- + Set Virtual Hosts. A Null host or empty array means all
>>> hosts -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - -->
>>> <!-- UNCOMMENT TO ACTIVATE -->
>>> <Call name="addWebApplication">
>>> <Arg>localhost</Arg>
>>> <Arg>/</Arg>
>>> <Arg>/</Arg>
>>>
>>> <Set name="extractWAR">false</Set>
>>> <Set name="defaultsDescriptor">./context/WEB-INF/web.xml</Set>
>>>
>>> <!--Set name="virtualHosts">
>>> <Array type="java.lang.String">
>>> <Item>127.0.0.1</Item>
>>> <Item>localhost</Item>
>>> </Array>
>>> </Set-->
>>> </Call>
>>>
>>> <!--
>>> =============================================================== -->
>>> <!-- Configure the Request
>>> Log -->
>>> <!--
>>> =============================================================== -->
>>> <Set name="RequestLog">
>>> <New class="org.mortbay.http.NCSARequestLog">
>>> <Arg><SystemProperty name="jetty.home"
>>> default="."/>/logs/yyyy_mm_dd.request.log</Arg>
>>> <Set name="retainDays">90</Set>
>>> <Set name="append">true</Set>
>>> <Set name="extended">false</Set>
>>> <Set name="buffered">false</Set>
>>> <Set name="LogTimeZone">GMT</Set>
>>> </New>
>>> </Set>
>>>
>>> <!--
>>> =============================================================== -->
>>> <!-- Configure the Other Server
>>> Options -->
>>> <!--
>>> =============================================================== -->
>>> <Set name="requestsPerGC">2000</Set>
>>> <Set name="statsOn">true</Set>
>>>
>>> </Configure>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off (continuity & form left)
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> 1.) Yes. That was the intent of the code I included earlier in this
> correspondence. Here's an elaboration...
>
> public abstract class SecuredPage extends BasePage implements
> PageValidateListener
> {
> public void validatePage(PageEvent event)
> {
> if
> (!event.getRequestCycle().getRequestContext().getRequest().isSecure())
> {
> throw new PageRedirectException("SSLRequiredErrorPage");
> }
> // ...
> }
> }
Hmm, i just finished making 5 additional secureLink(s). SecurePageLink,
etc. Basically i figured (but i kight be a bit off here) that a page is to
be used in a secured fashion (always) or its not. For myself i haven't come
up with a page that needs to be secure on one moment and normal the next.
>
> 2.) Yup. Just plop https://... into the form action.
>
> <form action="https://myserver.com/app/..." method="post">
> ....
> </form>
>
> Like I said before, I don't think there are appropriate hooks in
> Tapestry's Form component that would enable the generation of an
> absolute URL (a la AbsoluteLinkRenderer). That is why I suggested
> creating a custom component that extends the form component to provide
> this functionality. And again, I think that this a common enough
> requirement that it should be a feature of the framework.
>
Ok, this looks doable. Just want to make 1 thing sure before i embark on
another one of my infamous side-trips ;-).
The moment this 'secured form' is embedded in an otherwise unsecured page
its data gets submitted securely? Is this correct?
Fermin
> Let us know how it works out...
>
> Paul Ferraro
>
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> Cool - I didn't know that existed. The equivalent mechanism for
>>> customizing form actions is still unknown to me - Form components
>>> don't have renderer hooks. Let me know if you come across anything.
>>>
>>> To get Jetty to respond to SSL requests, you need to add the
>>> appropriate listener to your jetty.xml or customer jetty config
>>> file. The default config file in $JETTY_HOME/etc/jetty.xml includes
>>> a commented-out sample SSL listener:
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> -->
>>> <!-- Add a HTTPS SSL listener on port 8443
>>> -->
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> -->
>>> <!-- UNCOMMENT TO ACTIVATE
>>> <Call name="addListener">
>>> <Arg>
>>> <New class="org.mortbay.http.SunJsseListener">
>>> <Set name="Port">8443</Set>
>>> <Set name="PoolName">main</Set>
>>> <Set name="Keystore"><SystemProperty name="jetty.home"
>>> default="."/>/etc/demokeystore</Set>
>>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>>> <Set name="NonPersistentUserAgent">MSIE 5</Set>
>>> </New>
>>> </Arg>
>>> </Call>
>>> -->
>>>
>>> You can probably figure it out from there... :)
>>>
>> I did and attached the jetty.xml.
>> Although i think that Geoff might actually include it into Spindle as
>> well (just making) life easier ;-).
>>
>> Just two more things to figure out though.
>>
>> 1. What is the easiest way to make sure that a connection stays in ssl
>> mode until it is ok to get out again?
>>
>> Would it suffice to create an abstract SecuredPage from which the
>> pages that need to be secure are derived?
>>
>> 2. If i have a form on an insecure page can i than submit it securely.
>> I believe it can be done 'normally' by throwing it at a 'secure'
>> servlet but i'm admittedly hazy on this. An example of this would be
>> the large style.tigris.org page in which they reserve the top right
>> corner for login purposes.
>>
>> Any takers?
>>
>> TIA
>>
>> Fermin
>>
>>
>>> Paul Ferraro
>>>
>>> F. Da Costa wrote:
>>>
>>>> Paul Ferraro wrote:
>>>>
>>>>> That's a great question actually.
>>>>> I don't think tapestry has simple hooks in the Form and various
>>>>> link components to change the url scheme (i.e. http -> https). For
>>>>> the links
>>>>
>>>>
>>>>
>>>>
>> ------------------------------------------------------------------------
>>
>> <?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Mort Bay
>> Consulting//DTD Configure 1.2//EN"
>> "http://jetty.mortbay.org/configure_1_2.dtd">
>>
>>
>>
>> <!-- =============================================================== -->
>> <!-- Configure the Jetty Server -->
>> <!-- =============================================================== -->
>> <Configure class="org.mortbay.jetty.Server">
>>
>> <!-- =============================================================== -->
>> <!-- Configure the Request Listeners -->
>> <!-- =============================================================== -->
>>
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- Add and configure a HTTP listener to port
>> 8080 -->
>> <!-- The default port can be changed using: java -Djetty.port=80 -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <Call name="addListener">
>> <Arg>
>> <New class="org.mortbay.http.SocketListener">
>> <Set name="Port"><SystemProperty name="jetty.port"
>> default="8080"/></Set>
>> <Set name="MinThreads">10</Set>
>> <Set name="MaxThreads">100</Set>
>> <Set name="MaxIdleTimeMs">30000</Set>
>> <Set name="LowResourcePersistTimeMs">5000</Set>
>> <Set name="ConfidentialPort">8443</Set>
>> <Set name="IntegralPort">8443</Set>
>> </New>
>> </Arg>
>> </Call>
>>
>>
>>
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- Add a HTTPS SSL listener on port 8443 -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- UNCOMMENT TO ACTIVATE -->
>> <Call name="addListener">
>> <Arg>
>> <New class="org.mortbay.http.SunJsseListener">
>> <Set name="Port">8443</Set>
>> <Set name="MinThreads">5</Set>
>> <Set name="MaxThreads">100</Set>
>> <Set name="MaxIdleTimeMs">30000</Set>
>> <Set name="LowResourcePersistTimeMs">2000</Set>
>> <Set name="Keystore"><SystemProperty name="jetty.home"
>> default="."/>/etc/demokeystore</Set>
>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>> </New>
>> </Arg>
>> </Call>
>>
>>
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- Add a AJP13 listener on port 8009 -->
>> <!-- This protocol can be used with mod_jk in apache, IIS etc. -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- UNCOMMENT TO ACTIVATE
>> <Call name="addListener">
>> <Arg>
>> <New class="org.mortbay.http.ajp.AJP13Listener">
>> <Set name="Port">8009</Set>
>> <Set name="MinThreads">5</Set>
>> <Set name="MaxThreads">20</Set>
>> <Set name="MaxIdleTimeMs">0</Set>
>> <Set name="confidentialPort">443</Set>
>> </New>
>> </Arg>
>> </Call>
>> -->
>>
>> <!-- =============================================================== -->
>> <!-- Configure the Contexts -->
>> <!-- =============================================================== -->
>>
>>
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- Add a all web application within the webapps directory. -->
>> <!-- + No virtual host specified -->
>> <!-- + Look in the webapps directory relative to jetty.home or . -->
>> <!-- + Use the webdefault.xml resource for the defaults descriptor -->
>> <!-- + Upack the war file -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!--Set name="rootWebApp">app</Set>
>> <Call name="addWebApplications">
>> <Arg>context</Arg>
>> <Arg><SystemProperty name="jetty.home"
>> default="."/>file://../eclipse3/workspace/tests/context/</Arg>
>> <Arg>org/mortbay/jetty/servlet/webdefault.xml</Arg>
>> <Arg>context/WEB-INF/web.xml</Arg>
>> <Arg type="boolean">true</Arg>
>> </Call-->
>>
>>
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- Add and configure a specific web application -->
>> <!-- + Set Unpack WAR files -->
>> <!-- + Set Default Descriptor. Resource, file or URL -->
>> <!-- + Set Virtual Hosts. A Null host or empty array means all hosts -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>> <!-- UNCOMMENT TO ACTIVATE -->
>> <Call name="addWebApplication">
>> <Arg>localhost</Arg>
>> <Arg>/</Arg>
>> <Arg>/</Arg>
>>
>> <Set name="extractWAR">false</Set>
>> <Set name="defaultsDescriptor">./context/WEB-INF/web.xml</Set>
>>
>> <!--Set name="virtualHosts">
>> <Array type="java.lang.String">
>> <Item>127.0.0.1</Item>
>> <Item>localhost</Item>
>> </Array>
>> </Set-->
>> </Call>
>>
>> <!-- =============================================================== -->
>> <!-- Configure the Request Log -->
>> <!-- =============================================================== -->
>> <Set name="RequestLog">
>> <New class="org.mortbay.http.NCSARequestLog">
>> <Arg><SystemProperty name="jetty.home"
>> default="."/>/logs/yyyy_mm_dd.request.log</Arg>
>> <Set name="retainDays">90</Set>
>> <Set name="append">true</Set>
>> <Set name="extended">false</Set>
>> <Set name="buffered">false</Set>
>> <Set name="LogTimeZone">GMT</Set>
>> </New>
>> </Set>
>>
>> <!-- =============================================================== -->
>> <!-- Configure the Other Server Options -->
>> <!-- =============================================================== -->
>> <Set name="requestsPerGC">2000</Set>
>> <Set name="statsOn">true</Set>
>>
>> </Configure>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off (continuity & form left)
Posted by Paul Ferraro <pm...@columbia.edu>.
1.) Yes. That was the intent of the code I included earlier in this
correspondence. Here's an elaboration...
public abstract class SecuredPage extends BasePage implements
PageValidateListener
{
public void validatePage(PageEvent event)
{
if
(!event.getRequestCycle().getRequestContext().getRequest().isSecure())
{
throw new PageRedirectException("SSLRequiredErrorPage");
}
// ...
}
}
2.) Yup. Just plop https://... into the form action.
<form action="https://myserver.com/app/..." method="post">
...
</form>
Like I said before, I don't think there are appropriate hooks in
Tapestry's Form component that would enable the generation of an
absolute URL (a la AbsoluteLinkRenderer). That is why I suggested
creating a custom component that extends the form component to provide
this functionality. And again, I think that this a common enough
requirement that it should be a feature of the framework.
Let us know how it works out...
Paul Ferraro
F. Da Costa wrote:
> Paul Ferraro wrote:
>
>> Cool - I didn't know that existed. The equivalent mechanism for
>> customizing form actions is still unknown to me - Form components
>> don't have renderer hooks. Let me know if you come across anything.
>>
>> To get Jetty to respond to SSL requests, you need to add the
>> appropriate listener to your jetty.xml or customer jetty config
>> file. The default config file in $JETTY_HOME/etc/jetty.xml includes
>> a commented-out sample SSL listener:
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> -->
>> <!-- Add a HTTPS SSL listener on port 8443
>> -->
>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> -->
>> <!-- UNCOMMENT TO ACTIVATE
>> <Call name="addListener">
>> <Arg>
>> <New class="org.mortbay.http.SunJsseListener">
>> <Set name="Port">8443</Set>
>> <Set name="PoolName">main</Set>
>> <Set name="Keystore"><SystemProperty name="jetty.home"
>> default="."/>/etc/demokeystore</Set>
>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>> <Set name="NonPersistentUserAgent">MSIE 5</Set>
>> </New>
>> </Arg>
>> </Call>
>> -->
>>
>> You can probably figure it out from there... :)
>>
> I did and attached the jetty.xml.
> Although i think that Geoff might actually include it into Spindle as
> well (just making) life easier ;-).
>
> Just two more things to figure out though.
>
> 1. What is the easiest way to make sure that a connection stays in ssl
> mode until it is ok to get out again?
>
> Would it suffice to create an abstract SecuredPage from which the
> pages that need to be secure are derived?
>
> 2. If i have a form on an insecure page can i than submit it securely.
> I believe it can be done 'normally' by throwing it at a 'secure'
> servlet but i'm admittedly hazy on this. An example of this would be
> the large style.tigris.org page in which they reserve the top right
> corner for login purposes.
>
> Any takers?
>
> TIA
>
> Fermin
>
>
>> Paul Ferraro
>>
>> F. Da Costa wrote:
>>
>>> Paul Ferraro wrote:
>>>
>>>> That's a great question actually.
>>>> I don't think tapestry has simple hooks in the Form and various
>>>> link components to change the url scheme (i.e. http -> https). For
>>>> the links
>>>
>>>
>>>
>------------------------------------------------------------------------
>
><?xml version="1.0"?>
><!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure 1.2//EN" "http://jetty.mortbay.org/configure_1_2.dtd">
>
>
>
><!-- =============================================================== -->
><!-- Configure the Jetty Server -->
><!-- =============================================================== -->
><Configure class="org.mortbay.jetty.Server">
>
> <!-- =============================================================== -->
> <!-- Configure the Request Listeners -->
> <!-- =============================================================== -->
>
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add and configure a HTTP listener to port 8080 -->
> <!-- The default port can be changed using: java -Djetty.port=80 -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.SocketListener">
> <Set name="Port"><SystemProperty name="jetty.port" default="8080"/></Set>
> <Set name="MinThreads">10</Set>
> <Set name="MaxThreads">100</Set>
> <Set name="MaxIdleTimeMs">30000</Set>
> <Set name="LowResourcePersistTimeMs">5000</Set>
> <Set name="ConfidentialPort">8443</Set>
> <Set name="IntegralPort">8443</Set>
> </New>
> </Arg>
> </Call>
>
>
>
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add a HTTPS SSL listener on port 8443 -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- UNCOMMENT TO ACTIVATE -->
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.SunJsseListener">
> <Set name="Port">8443</Set>
> <Set name="MinThreads">5</Set>
> <Set name="MaxThreads">100</Set>
> <Set name="MaxIdleTimeMs">30000</Set>
> <Set name="LowResourcePersistTimeMs">2000</Set>
> <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/demokeystore</Set>
> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
> </New>
> </Arg>
> </Call>
>
>
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add a AJP13 listener on port 8009 -->
> <!-- This protocol can be used with mod_jk in apache, IIS etc. -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- UNCOMMENT TO ACTIVATE
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.ajp.AJP13Listener">
> <Set name="Port">8009</Set>
> <Set name="MinThreads">5</Set>
> <Set name="MaxThreads">20</Set>
> <Set name="MaxIdleTimeMs">0</Set>
> <Set name="confidentialPort">443</Set>
> </New>
> </Arg>
> </Call>
> -->
>
> <!-- =============================================================== -->
> <!-- Configure the Contexts -->
> <!-- =============================================================== -->
>
>
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add a all web application within the webapps directory. -->
> <!-- + No virtual host specified -->
> <!-- + Look in the webapps directory relative to jetty.home or . -->
> <!-- + Use the webdefault.xml resource for the defaults descriptor -->
> <!-- + Upack the war file -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!--Set name="rootWebApp">app</Set>
> <Call name="addWebApplications">
> <Arg>context</Arg>
> <Arg><SystemProperty name="jetty.home" default="."/>file://../eclipse3/workspace/tests/context/</Arg>
> <Arg>org/mortbay/jetty/servlet/webdefault.xml</Arg>
> <Arg>context/WEB-INF/web.xml</Arg>
> <Arg type="boolean">true</Arg>
> </Call-->
>
>
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add and configure a specific web application -->
> <!-- + Set Unpack WAR files -->
> <!-- + Set Default Descriptor. Resource, file or URL -->
> <!-- + Set Virtual Hosts. A Null host or empty array means all hosts -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- UNCOMMENT TO ACTIVATE -->
> <Call name="addWebApplication">
> <Arg>localhost</Arg>
> <Arg>/</Arg>
> <Arg>/</Arg>
>
> <Set name="extractWAR">false</Set>
>
> <Set name="defaultsDescriptor">./context/WEB-INF/web.xml</Set>
>
> <!--Set name="virtualHosts">
> <Array type="java.lang.String">
> <Item>127.0.0.1</Item>
> <Item>localhost</Item>
> </Array>
> </Set-->
> </Call>
>
> <!-- =============================================================== -->
> <!-- Configure the Request Log -->
> <!-- =============================================================== -->
> <Set name="RequestLog">
> <New class="org.mortbay.http.NCSARequestLog">
> <Arg><SystemProperty name="jetty.home" default="."/>/logs/yyyy_mm_dd.request.log</Arg>
> <Set name="retainDays">90</Set>
> <Set name="append">true</Set>
> <Set name="extended">false</Set>
> <Set name="buffered">false</Set>
> <Set name="LogTimeZone">GMT</Set>
> </New>
> </Set>
>
> <!-- =============================================================== -->
> <!-- Configure the Other Server Options -->
> <!-- =============================================================== -->
> <Set name="requestsPerGC">2000</Set>
> <Set name="statsOn">true</Set>
>
></Configure>
>
>
>
>
>
>
>
>
>
>
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off (continuity & form left)
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> Cool - I didn't know that existed. The equivalent mechanism for
> customizing form actions is still unknown to me - Form components don't
> have renderer hooks. Let me know if you come across anything.
>
> To get Jetty to respond to SSL requests, you need to add the appropriate
> listener to your jetty.xml or customer jetty config file. The default
> config file in $JETTY_HOME/etc/jetty.xml includes a commented-out sample
> SSL listener:
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- Add a HTTPS SSL listener on port 8443 -->
> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
> <!-- UNCOMMENT TO ACTIVATE
> <Call name="addListener">
> <Arg>
> <New class="org.mortbay.http.SunJsseListener">
> <Set name="Port">8443</Set>
> <Set name="PoolName">main</Set>
> <Set name="Keystore"><SystemProperty name="jetty.home"
> default="."/>/etc/demokeystore</Set>
> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
> <Set name="NonPersistentUserAgent">MSIE 5</Set>
> </New>
> </Arg>
> </Call>
> -->
>
> You can probably figure it out from there... :)
>
I did and attached the jetty.xml.
Although i think that Geoff might actually include it into Spindle as well
(just making) life easier ;-).
Just two more things to figure out though.
1. What is the easiest way to make sure that a connection stays in ssl mode
until it is ok to get out again?
Would it suffice to create an abstract SecuredPage from which the pages
that need to be secure are derived?
2. If i have a form on an insecure page can i than submit it securely. I
believe it can be done 'normally' by throwing it at a 'secure' servlet but
i'm admittedly hazy on this. An example of this would be the large
style.tigris.org page in which they reserve the top right corner for login
purposes.
Any takers?
TIA
Fermin
> Paul Ferraro
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> That's a great question actually.
>>> I don't think tapestry has simple hooks in the Form and various link
>>> components to change the url scheme (i.e. http -> https). For the links
>>
>>
Re: Howto: turn ssl on and off
Posted by Paul Ferraro <pm...@columbia.edu>.
Cool - I didn't know that existed. The equivalent mechanism for
customizing form actions is still unknown to me - Form components don't
have renderer hooks. Let me know if you come across anything.
To get Jetty to respond to SSL requests, you need to add the appropriate
listener to your jetty.xml or customer jetty config file. The default
config file in $JETTY_HOME/etc/jetty.xml includes a commented-out sample
SSL listener:
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Add a HTTPS SSL listener on port 8443 -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- UNCOMMENT TO ACTIVATE
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="PoolName">main</Set>
<Set name="Keystore"><SystemProperty name="jetty.home"
default="."/>/etc/demokeystore</Set>
<Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
<Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
<Set name="NonPersistentUserAgent">MSIE 5</Set>
</New>
</Arg>
</Call>
-->
You can probably figure it out from there... :)
Paul Ferraro
F. Da Costa wrote:
> Paul Ferraro wrote:
>
>> That's a great question actually.
>> I don't think tapestry has simple hooks in the Form and various link
>> components to change the url scheme (i.e. http -> https). For the links
>
> Not entirely correct. Judging by the way Tapestry has been put
> together i could not imagine that something like this had not been put
> in place.
> As we are talkign about a renderer i started looking through the code
> and came across the AbsoluteLinkRenderer. Using this you can set the
> scheme (http, https, etc) for the link. :-)
>
> .java
> private static AbsoluteLinkRenderer _secureRenderer;
> public ILinkRenderer getSecureRenderer() {
> if (_secureRenderer==null) {
> _secureRenderer = new AbsoluteLinkRenderer();
> _secureRenderer. setScheme("https");
> _secureRenderer.setPort(8443);
> }
> return _secureRenderer;
>
> }
>
> .html spec
> <a jwcid="@PageLink" href="LoginPage.html" page="LoginPage"
> renderer="ognl:secureRenderer" target="frmMain">To login page</a><br />
>
> Basically this should do the trick but i can't get Jetty to respond to
> port 443 or 8443 yet.
>
> I guess its done once that has been resolved.
> Any suggestions?
>
> Fermin
>
>> anyway, you can specifiy your own custom ILinkRenderer that adds
>> "https://" and the server domain to the url of the link's href
>> attribute. The Form component has no such option, so you would have
>> to create a custom component that extends org.apache.tapestry.form.Form.
>> I think a feature request isprobably in order here.
>> Thinking a bit further, rather than adding options to existing
>> components, it may make sense to create a separate SSL component
>> library (like the sslext extension in Struts:
>> http://sslext.sourceforge.net) that includes extensions of the form
>> and link components and maybe new BasePage and BaseComponent objects.
>> Does anyone else have any experience with adding SSL support to
>> tapestry generated urls? Input from a Tapestry contributer would be
>> greatly appreciated...
>>
>> Paul Ferraro
>>
>> F. Da Costa wrote:
>>
>>> Paul Ferraro wrote:
>>>
>>>> Comments inline...
>>>> F. Da Costa wrote:
>>>>
>>>>> Thx Paul for the swift reply.
>>>>>
>>>>> But forgive my ignorance re. this subject (never had to go there
>>>>> before)
>>>>>
>>>>> Paul Ferraro wrote:
>>>>>
>>>>>> Use the Servlet API:
>>>>>>
>>>>>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>>>>>> {
>>>>>> throw new PageRedirectException(...);
>>>>>> }
>>>>>>
>>>>>> You might want to place this logic in the pageValidate(PageEvent)
>>>>>> method of a base class for pages that require SSL. Activating
>>>>>> SSL usually
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> The part of creating an abstract 'secure' baseclass i understand.
>>>>> The Jetty stuff also seems pretty much ok (incl the keystore stuff
>>>>> & keygeneration).
>>>>>
>>>>> The only thing that mystifies me is how the connection suddenly
>>>>> goes into the secure mode. The PageRedirect thing i understand (i
>>>>> think). I'm not imagining however that handing a 'secured' page to
>>>>> the PageRedirectException will suddenly make the connection secure.
>>>>> So, if you say Servlet API i can get the servlet and probably do
>>>>> something with it but what. Do i need to extend the
>>>>> ApplicationServlet?
>>>>>
>>>> The connection doesn't change into secure mode - rather, it is
>>>> initiated in secure mode (i.e. url starts with https://). This is
>>>> often done transparently to the user by redirecting a selected
>>>> request to an https:// url,
>>>> e.g.
>>>> throw new RedirectException("https://www.myserver.com/app/...);
>>>> .... but can also be done through a link or form action. The JSSE
>>>
>>>
>>>
>>> Ahh, this is very elegant indeed (knowing Tapestry it had to be ;) )
>>> If you say through a link or form action are you than referring to
>>> 'putting https links in the rendered page'? If so how? Because i was
>>> under the impression that only http:// was rendered. (granted i'm no
>>> specialist).
>>>
>>> Thx again for the help. I'll make a small step through when i've got
>>> it running properly for those that follow.
>>>
>>> Fermin
>>>
>>>
>>>> listener will pick up the requests (typically port 443),
>>>> authenticate the request, then pass the request off to your
>>>> application. The servlet API was designed such that both secure
>>>> and non-secure request look the same to a servlet, other than the
>>>> value returned from javax.servlet.ServletRequest.isSecure().
>>>>
>>>> The code excerpt I included in the previous email was not meant to
>>>> suddenly make the connection secure. Sorry for the confusion. It
>>>> is simply a filter to ensure that the current request is using
>>>> SSL. The PageRedirectException from the excerpt was meant to
>>>> direct non-secure requests to some error page.
>>>>
>>>> Hope this helps,
>>>>
>>>> Paul
>>>>
>>>>> As you can see i am only partly following your suggestion.
>>>>>
>>>>>> requires a special socket listener in your servlet container
>>>>>> (e.g. for Jetty you would configure a
>>>>>> org.mortbay.http.SunJsseListener). See your server's
>>>>>> documentation for details.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> This bit is fine.
>>>>>
>>>>> I have an abstract class defined with the pageValidate stuff in
>>>>> there.
>>>>> I have got a handle on the servlet.
>>>>>
>>>>> And not a clue as to what to do next (though i reckon its not too
>>>>> horrid) :-{
>>>>> Hope there's a bit more help to spare.
>>>>>
>>>>> TIA
>>>>>
>>>>> Fermin
>>>>>
>>>>>
>>>>>>
>>>>>> Paul Ferraro
>>>>>>
>>>>>> F. Da Costa wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> This might seem like a silly question but how do i make sure a
>>>>>>> user gets into ssl mode (and out again when he's finished)? I.e.
>>>>>>> how do i activate/ deactivate ssl in Tapestry?
>>>>>>>
>>>>>>> Looked through the list & the site but couldn't find a mention.
>>>>>>>
>>>>>>> TIA
>>>>>>>
>>>>>>> Fermin DCG
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail:
>>>>>>> tapestry-user-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail:
>>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail:
>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail:
>>>>> tapestry-user-help@jakarta.apache.org
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> That's a great question actually.
> I don't think tapestry has simple hooks in the Form and various link
> components to change the url scheme (i.e. http -> https). For the links
Not entirely correct. Judging by the way Tapestry has been put together i
could not imagine that something like this had not been put in place.
As we are talkign about a renderer i started looking through the code and
came across the AbsoluteLinkRenderer. Using this you can set the scheme
(http, https, etc) for the link. :-)
.java
private static AbsoluteLinkRenderer _secureRenderer;
public ILinkRenderer getSecureRenderer() {
if (_secureRenderer==null) {
_secureRenderer = new AbsoluteLinkRenderer();
_secureRenderer. setScheme("https");
_secureRenderer.setPort(8443);
}
return _secureRenderer;
}
.html spec
<a jwcid="@PageLink" href="LoginPage.html" page="LoginPage"
renderer="ognl:secureRenderer" target="frmMain">To login page</a><br />
Basically this should do the trick but i can't get Jetty to respond to port
443 or 8443 yet.
I guess its done once that has been resolved.
Any suggestions?
Fermin
> anyway, you can specifiy your own custom ILinkRenderer that adds
> "https://" and the server domain to the url of the link's href
> attribute. The Form component has no such option, so you would have to
> create a custom component that extends org.apache.tapestry.form.Form.
> I think a feature request isprobably in order here.
> Thinking a bit further, rather than adding options to existing
> components, it may make sense to create a separate SSL component library
> (like the sslext extension in Struts: http://sslext.sourceforge.net)
> that includes extensions of the form and link components and maybe new
> BasePage and BaseComponent objects.
> Does anyone else have any experience with adding SSL support to tapestry
> generated urls? Input from a Tapestry contributer would be greatly
> appreciated...
>
> Paul Ferraro
>
> F. Da Costa wrote:
>
>> Paul Ferraro wrote:
>>
>>> Comments inline...
>>> F. Da Costa wrote:
>>>
>>>> Thx Paul for the swift reply.
>>>>
>>>> But forgive my ignorance re. this subject (never had to go there
>>>> before)
>>>>
>>>> Paul Ferraro wrote:
>>>>
>>>>> Use the Servlet API:
>>>>>
>>>>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>>>>> {
>>>>> throw new PageRedirectException(...);
>>>>> }
>>>>>
>>>>> You might want to place this logic in the pageValidate(PageEvent)
>>>>> method of a base class for pages that require SSL. Activating SSL
>>>>> usually
>>>>
>>>>
>>>>
>>>>
>>>> The part of creating an abstract 'secure' baseclass i understand.
>>>> The Jetty stuff also seems pretty much ok (incl the keystore stuff &
>>>> keygeneration).
>>>>
>>>> The only thing that mystifies me is how the connection suddenly goes
>>>> into the secure mode. The PageRedirect thing i understand (i think).
>>>> I'm not imagining however that handing a 'secured' page to the
>>>> PageRedirectException will suddenly make the connection secure.
>>>> So, if you say Servlet API i can get the servlet and probably do
>>>> something with it but what. Do i need to extend the ApplicationServlet?
>>>>
>>> The connection doesn't change into secure mode - rather, it is
>>> initiated in secure mode (i.e. url starts with https://). This is
>>> often done transparently to the user by redirecting a selected
>>> request to an https:// url,
>>> e.g.
>>> throw new RedirectException("https://www.myserver.com/app/...);
>>> .... but can also be done through a link or form action. The JSSE
>>
>>
>> Ahh, this is very elegant indeed (knowing Tapestry it had to be ;) )
>> If you say through a link or form action are you than referring to
>> 'putting https links in the rendered page'? If so how? Because i was
>> under the impression that only http:// was rendered. (granted i'm no
>> specialist).
>>
>> Thx again for the help. I'll make a small step through when i've got
>> it running properly for those that follow.
>>
>> Fermin
>>
>>
>>> listener will pick up the requests (typically port 443), authenticate
>>> the request, then pass the request off to your application. The
>>> servlet API was designed such that both secure and non-secure request
>>> look the same to a servlet, other than the value returned from
>>> javax.servlet.ServletRequest.isSecure().
>>>
>>> The code excerpt I included in the previous email was not meant to
>>> suddenly make the connection secure. Sorry for the confusion. It is
>>> simply a filter to ensure that the current request is using SSL. The
>>> PageRedirectException from the excerpt was meant to direct non-secure
>>> requests to some error page.
>>>
>>> Hope this helps,
>>>
>>> Paul
>>>
>>>> As you can see i am only partly following your suggestion.
>>>>
>>>>> requires a special socket listener in your servlet container (e.g.
>>>>> for Jetty you would configure a org.mortbay.http.SunJsseListener).
>>>>> See your server's documentation for details.
>>>>
>>>>
>>>>
>>>>
>>>> This bit is fine.
>>>>
>>>> I have an abstract class defined with the pageValidate stuff in there.
>>>> I have got a handle on the servlet.
>>>>
>>>> And not a clue as to what to do next (though i reckon its not too
>>>> horrid) :-{
>>>> Hope there's a bit more help to spare.
>>>>
>>>> TIA
>>>>
>>>> Fermin
>>>>
>>>>
>>>>>
>>>>> Paul Ferraro
>>>>>
>>>>> F. Da Costa wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> This might seem like a silly question but how do i make sure a
>>>>>> user gets into ssl mode (and out again when he's finished)? I.e.
>>>>>> how do i activate/ deactivate ssl in Tapestry?
>>>>>>
>>>>>> Looked through the list & the site but couldn't find a mention.
>>>>>>
>>>>>> TIA
>>>>>>
>>>>>> Fermin DCG
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail:
>>>>>> tapestry-user-help@jakarta.apache.org
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: how to make a library? : Taco Tree
Posted by Erik Hatcher <er...@ehatchersolutions.com>.
On Mar 10, 2004, at 6:39 PM, Ezra Epstein wrote:
>> The tree component is now in the contrib library - be sure to use the
>> latest 3.0-beta (or soon RC) version.
>>
>> I believe there are some docs on it, but there is also an example in
>> the latest workbench also.
>>
>
> I hadn't checked the latest and greatest, (was on beta 3). Thank you.
>
> And, just to confirm, this is the new versions of the code that was
> previously in the SourceForge taco project?
Yup.
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
RE: how to make a library? : Taco Tree
Posted by Ezra Epstein <ee...@prajnait.com>.
> The tree component is now in the contrib library - be sure to use the
> latest 3.0-beta (or soon RC) version.
>
> I believe there are some docs on it, but there is also an example in
> the latest workbench also.
>
I hadn't checked the latest and greatest, (was on beta 3). Thank you.
And, just to confirm, this is the new versions of the code that was
previously in the SourceForge taco project?
== Ezra e.
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: how to make a library?
Posted by Erik Hatcher <er...@ehatchersolutions.com>.
The tree component is now in the contrib library - be sure to use the
latest 3.0-beta (or soon RC) version.
I believe there are some docs on it, but there is also an example in
the latest workbench also.
Erik
On Mar 10, 2004, at 3:48 AM, Ezra Epstein wrote:
> Where can I find docs about making a library of components?
>
> More to the point, I want to try out the Tree component(s). Seems that
> unlike most other things in the /contrib folder, the tree component is
> not
> shipped in the binary distribution.... So I've got the source, what
> do I do
> now to make it into a library?
>
> Then, are there any docs for how to use the tree component?
>
> Thanks,
>
> = Ezra E.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
how to make a library?
Posted by Ezra Epstein <ee...@prajnait.com>.
Where can I find docs about making a library of components?
More to the point, I want to try out the Tree component(s). Seems that
unlike most other things in the /contrib folder, the tree component is not
shipped in the binary distribution.... So I've got the source, what do I do
now to make it into a library?
Then, are there any docs for how to use the tree component?
Thanks,
= Ezra E.
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by Paul Ferraro <pm...@columbia.edu>.
That's a great question actually.
I don't think tapestry has simple hooks in the Form and various link
components to change the url scheme (i.e. http -> https). For the links
anyway, you can specifiy your own custom ILinkRenderer that adds
"https://" and the server domain to the url of the link's href
attribute. The Form component has no such option, so you would have to
create a custom component that extends org.apache.tapestry.form.Form.
I think a feature request isprobably in order here.
Thinking a bit further, rather than adding options to existing
components, it may make sense to create a separate SSL component library
(like the sslext extension in Struts: http://sslext.sourceforge.net)
that includes extensions of the form and link components and maybe new
BasePage and BaseComponent objects.
Does anyone else have any experience with adding SSL support to tapestry
generated urls? Input from a Tapestry contributer would be greatly
appreciated...
Paul Ferraro
F. Da Costa wrote:
> Paul Ferraro wrote:
>
>> Comments inline...
>> F. Da Costa wrote:
>>
>>> Thx Paul for the swift reply.
>>>
>>> But forgive my ignorance re. this subject (never had to go there
>>> before)
>>>
>>> Paul Ferraro wrote:
>>>
>>>> Use the Servlet API:
>>>>
>>>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>>>> {
>>>> throw new PageRedirectException(...);
>>>> }
>>>>
>>>> You might want to place this logic in the pageValidate(PageEvent)
>>>> method of a base class for pages that require SSL. Activating SSL
>>>> usually
>>>
>>>
>>>
>>> The part of creating an abstract 'secure' baseclass i understand.
>>> The Jetty stuff also seems pretty much ok (incl the keystore stuff &
>>> keygeneration).
>>>
>>> The only thing that mystifies me is how the connection suddenly goes
>>> into the secure mode. The PageRedirect thing i understand (i think).
>>> I'm not imagining however that handing a 'secured' page to the
>>> PageRedirectException will suddenly make the connection secure.
>>> So, if you say Servlet API i can get the servlet and probably do
>>> something with it but what. Do i need to extend the ApplicationServlet?
>>>
>> The connection doesn't change into secure mode - rather, it is
>> initiated in secure mode (i.e. url starts with https://). This is
>> often done transparently to the user by redirecting a selected
>> request to an https:// url,
>> e.g.
>> throw new RedirectException("https://www.myserver.com/app/...);
>> .... but can also be done through a link or form action. The JSSE
>
> Ahh, this is very elegant indeed (knowing Tapestry it had to be ;) )
> If you say through a link or form action are you than referring to
> 'putting https links in the rendered page'? If so how? Because i was
> under the impression that only http:// was rendered. (granted i'm no
> specialist).
>
> Thx again for the help. I'll make a small step through when i've got
> it running properly for those that follow.
>
> Fermin
>
>
>> listener will pick up the requests (typically port 443), authenticate
>> the request, then pass the request off to your application. The
>> servlet API was designed such that both secure and non-secure request
>> look the same to a servlet, other than the value returned from
>> javax.servlet.ServletRequest.isSecure().
>>
>> The code excerpt I included in the previous email was not meant to
>> suddenly make the connection secure. Sorry for the confusion. It is
>> simply a filter to ensure that the current request is using SSL. The
>> PageRedirectException from the excerpt was meant to direct non-secure
>> requests to some error page.
>>
>> Hope this helps,
>>
>> Paul
>>
>>> As you can see i am only partly following your suggestion.
>>>
>>>> requires a special socket listener in your servlet container (e.g.
>>>> for Jetty you would configure a org.mortbay.http.SunJsseListener).
>>>> See your server's documentation for details.
>>>
>>>
>>>
>>> This bit is fine.
>>>
>>> I have an abstract class defined with the pageValidate stuff in there.
>>> I have got a handle on the servlet.
>>>
>>> And not a clue as to what to do next (though i reckon its not too
>>> horrid) :-{
>>> Hope there's a bit more help to spare.
>>>
>>> TIA
>>>
>>> Fermin
>>>
>>>
>>>>
>>>> Paul Ferraro
>>>>
>>>> F. Da Costa wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> This might seem like a silly question but how do i make sure a
>>>>> user gets into ssl mode (and out again when he's finished)? I.e.
>>>>> how do i activate/ deactivate ssl in Tapestry?
>>>>>
>>>>> Looked through the list & the site but couldn't find a mention.
>>>>>
>>>>> TIA
>>>>>
>>>>> Fermin DCG
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail:
>>>>> tapestry-user-help@jakarta.apache.org
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by "F. Da Costa" <da...@xs4all.nl>.
Paul Ferraro wrote:
> Comments inline...
> F. Da Costa wrote:
>
>> Thx Paul for the swift reply.
>>
>> But forgive my ignorance re. this subject (never had to go there before)
>>
>> Paul Ferraro wrote:
>>
>>> Use the Servlet API:
>>>
>>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>>> {
>>> throw new PageRedirectException(...);
>>> }
>>>
>>> You might want to place this logic in the pageValidate(PageEvent)
>>> method of a base class for pages that require SSL. Activating SSL
>>> usually
>>
>>
>> The part of creating an abstract 'secure' baseclass i understand.
>> The Jetty stuff also seems pretty much ok (incl the keystore stuff &
>> keygeneration).
>>
>> The only thing that mystifies me is how the connection suddenly goes
>> into the secure mode. The PageRedirect thing i understand (i think).
>> I'm not imagining however that handing a 'secured' page to the
>> PageRedirectException will suddenly make the connection secure.
>> So, if you say Servlet API i can get the servlet and probably do
>> something with it but what. Do i need to extend the ApplicationServlet?
>>
> The connection doesn't change into secure mode - rather, it is initiated
> in secure mode (i.e. url starts with https://). This is often done
> transparently to the user by redirecting a selected request to an
> https:// url,
> e.g.
> throw new RedirectException("https://www.myserver.com/app/...);
> .... but can also be done through a link or form action. The JSSE
Ahh, this is very elegant indeed (knowing Tapestry it had to be ;) )
If you say through a link or form action are you than referring to 'putting
https links in the rendered page'? If so how? Because i was under the
impression that only http:// was rendered. (granted i'm no specialist).
Thx again for the help. I'll make a small step through when i've got it
running properly for those that follow.
Fermin
> listener will pick up the requests (typically port 443), authenticate
> the request, then pass the request off to your application. The servlet
> API was designed such that both secure and non-secure request look the
> same to a servlet, other than the value returned from
> javax.servlet.ServletRequest.isSecure().
>
> The code excerpt I included in the previous email was not meant to
> suddenly make the connection secure. Sorry for the confusion. It is
> simply a filter to ensure that the current request is using SSL. The
> PageRedirectException from the excerpt was meant to direct non-secure
> requests to some error page.
>
> Hope this helps,
>
> Paul
>
>> As you can see i am only partly following your suggestion.
>>
>>> requires a special socket listener in your servlet container (e.g.
>>> for Jetty you would configure a org.mortbay.http.SunJsseListener).
>>> See your server's documentation for details.
>>
>>
>> This bit is fine.
>>
>> I have an abstract class defined with the pageValidate stuff in there.
>> I have got a handle on the servlet.
>>
>> And not a clue as to what to do next (though i reckon its not too
>> horrid) :-{
>> Hope there's a bit more help to spare.
>>
>> TIA
>>
>> Fermin
>>
>>
>>>
>>> Paul Ferraro
>>>
>>> F. Da Costa wrote:
>>>
>>>> Hi,
>>>>
>>>> This might seem like a silly question but how do i make sure a user
>>>> gets into ssl mode (and out again when he's finished)? I.e. how do i
>>>> activate/ deactivate ssl in Tapestry?
>>>>
>>>> Looked through the list & the site but couldn't find a mention.
>>>>
>>>> TIA
>>>>
>>>> Fermin DCG
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by Paul Ferraro <pm...@columbia.edu>.
Comments inline...
F. Da Costa wrote:
> Thx Paul for the swift reply.
>
> But forgive my ignorance re. this subject (never had to go there before)
>
> Paul Ferraro wrote:
>
>> Use the Servlet API:
>>
>> if (!requestCycle.getRequestContext().getRequest().isSecure())
>> {
>> throw new PageRedirectException(...);
>> }
>>
>> You might want to place this logic in the pageValidate(PageEvent)
>> method of a base class for pages that require SSL. Activating SSL
>> usually
>
> The part of creating an abstract 'secure' baseclass i understand.
> The Jetty stuff also seems pretty much ok (incl the keystore stuff &
> keygeneration).
>
> The only thing that mystifies me is how the connection suddenly goes
> into the secure mode. The PageRedirect thing i understand (i think).
> I'm not imagining however that handing a 'secured' page to the
> PageRedirectException will suddenly make the connection secure.
> So, if you say Servlet API i can get the servlet and probably do
> something with it but what. Do i need to extend the ApplicationServlet?
>
The connection doesn't change into secure mode - rather, it is initiated
in secure mode (i.e. url starts with https://). This is often done
transparently to the user by redirecting a selected request to an
https:// url,
e.g.
throw new RedirectException("https://www.myserver.com/app/...);
... but can also be done through a link or form action. The JSSE
listener will pick up the requests (typically port 443), authenticate
the request, then pass the request off to your application. The servlet
API was designed such that both secure and non-secure request look the
same to a servlet, other than the value returned from
javax.servlet.ServletRequest.isSecure().
The code excerpt I included in the previous email was not meant to
suddenly make the connection secure. Sorry for the confusion. It is
simply a filter to ensure that the current request is using SSL. The
PageRedirectException from the excerpt was meant to direct non-secure
requests to some error page.
Hope this helps,
Paul
> As you can see i am only partly following your suggestion.
>
>> requires a special socket listener in your servlet container (e.g.
>> for Jetty you would configure a org.mortbay.http.SunJsseListener).
>> See your server's documentation for details.
>
> This bit is fine.
>
> I have an abstract class defined with the pageValidate stuff in there.
> I have got a handle on the servlet.
>
> And not a clue as to what to do next (though i reckon its not too
> horrid) :-{
> Hope there's a bit more help to spare.
>
> TIA
>
> Fermin
>
>
>>
>> Paul Ferraro
>>
>> F. Da Costa wrote:
>>
>>> Hi,
>>>
>>> This might seem like a silly question but how do i make sure a user
>>> gets into ssl mode (and out again when he's finished)? I.e. how do i
>>> activate/ deactivate ssl in Tapestry?
>>>
>>> Looked through the list & the site but couldn't find a mention.
>>>
>>> TIA
>>>
>>> Fermin DCG
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by "F. Da Costa" <da...@xs4all.nl>.
Thx Paul for the swift reply.
But forgive my ignorance re. this subject (never had to go there before)
Paul Ferraro wrote:
> Use the Servlet API:
>
> if (!requestCycle.getRequestContext().getRequest().isSecure())
> {
> throw new PageRedirectException(...);
> }
>
> You might want to place this logic in the pageValidate(PageEvent) method
> of a base class for pages that require SSL. Activating SSL usually
The part of creating an abstract 'secure' baseclass i understand.
The Jetty stuff also seems pretty much ok (incl the keystore stuff &
keygeneration).
The only thing that mystifies me is how the connection suddenly goes into
the secure mode. The PageRedirect thing i understand (i think). I'm not
imagining however that handing a 'secured' page to the
PageRedirectException will suddenly make the connection secure.
So, if you say Servlet API i can get the servlet and probably do something
with it but what. Do i need to extend the ApplicationServlet?
As you can see i am only partly following your suggestion.
> requires a special socket listener in your servlet container (e.g. for
> Jetty you would configure a org.mortbay.http.SunJsseListener). See your
> server's documentation for details.
This bit is fine.
I have an abstract class defined with the pageValidate stuff in there.
I have got a handle on the servlet.
And not a clue as to what to do next (though i reckon its not too horrid) :-{
Hope there's a bit more help to spare.
TIA
Fermin
>
> Paul Ferraro
>
> F. Da Costa wrote:
>
>> Hi,
>>
>> This might seem like a silly question but how do i make sure a user
>> gets into ssl mode (and out again when he's finished)? I.e. how do i
>> activate/ deactivate ssl in Tapestry?
>>
>> Looked through the list & the site but couldn't find a mention.
>>
>> TIA
>>
>> Fermin DCG
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Howto: turn ssl on and off
Posted by Paul Ferraro <pm...@columbia.edu>.
Use the Servlet API:
if (!requestCycle.getRequestContext().getRequest().isSecure())
{
throw new PageRedirectException(...);
}
You might want to place this logic in the pageValidate(PageEvent) method
of a base class for pages that require SSL. Activating SSL usually
requires a special socket listener in your servlet container (e.g. for
Jetty you would configure a org.mortbay.http.SunJsseListener). See your
server's documentation for details.
Paul Ferraro
F. Da Costa wrote:
> Hi,
>
> This might seem like a silly question but how do i make sure a user
> gets into ssl mode (and out again when he's finished)? I.e. how do i
> activate/ deactivate ssl in Tapestry?
>
> Looked through the list & the site but couldn't find a mention.
>
> TIA
>
> Fermin DCG
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org