You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "matthew c. mead" <m-...@goof.com> on 2005/04/07 19:48:43 UTC
How to secure (via SSL) only a subset of Tapestry pages?
It looks like in the near future I may need to secure via SSL and
client-certificates a portion of a Tapestry application.
If I were developing with another framework (like struts) I would have a
different set of URIs mapped to handle this part of the application, and
I would apply a transport-guarantee directive to force automatic
redirect to the SSL port if the content were accessed via the clear http
port.
I'm not sure how to go about this with Tapestry. I could double-map the
application servlet, but then wouldn't it allow for any pages defined to
be accessed via either mapping of the servlet?
Am I missing an obvious solution?
Thanks!
-matt
--
matthew c. mead
http://www.goof.com/
Re: How to secure (via SSL) only a subset of Tapestry pages?
Posted by Fermin Da Costa Gomez <da...@gmail.com>.
matthew c. mead wrote:
> It looks like in the near future I may need to secure via SSL and
> client-certificates a portion of a Tapestry application.
>
> If I were developing with another framework (like struts) I would have a
> different set of URIs mapped to handle this part of the application, and
> I would apply a transport-guarantee directive to force automatic
> redirect to the SSL port if the content were accessed via the clear http
> port.
>
> I'm not sure how to go about this with Tapestry. I could double-map the
> application servlet, but then wouldn't it allow for any pages defined to
> be accessed via either mapping of the servlet?
>
> Am I missing an obvious solution?
Have a good look through the archives because i know i posted a set of .jwc
components that does what you just described.
Cheers,
Fermin DCG
>
> Thanks!
>
>
>
> -matt
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: How to secure (via SSL) only a subset of Tapestry pages?
Posted by "Matthew C. Mead" <m-...@goof.com>.
Thanks, this is a good suggestion.
It's not quite as dependent on container behavior, either. I like to
make use of standardisms in the container behavior, but I've been caught
out by that as well.
-matt
Random Tapestry User wrote:
> Couldn't you just create an "SSLPage" class and all the pages that you
> want to protect with ssl subclass the SSLPage ?
> Then, in the SSLPage, you could add a pageValidate that looks at the
> method of the url (http or https) and redirect to the same URL, only
> changing the http to https if the method was http ?
>
> I've done this successfully in other (non-Tapestry) apps with no problem.
>
> tappapp
>
> matthew c. mead wrote:
>
>> It looks like in the near future I may need to secure via SSL and
>> client-certificates a portion of a Tapestry application.
>>
>> If I were developing with another framework (like struts) I would
>> have a different set of URIs mapped to handle this part of the
>> application, and I would apply a transport-guarantee directive to
>> force automatic redirect to the SSL port if the content were accessed
>> via the clear http port.
>>
>> I'm not sure how to go about this with Tapestry. I could double-map
>> the application servlet, but then wouldn't it allow for any pages
>> defined to be accessed via either mapping of the servlet?
>>
>> Am I missing an obvious solution?
>>
>> Thanks!
>>
>>
>>
>> -matt
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
Re: How to secure (via SSL) only a subset of Tapestry pages?
Posted by Random Tapestry User <ta...@comcast.net>.
Couldn't you just create an "SSLPage" class and all the pages that you
want to protect with ssl subclass the SSLPage ?
Then, in the SSLPage, you could add a pageValidate that looks at the
method of the url (http or https) and redirect to the same URL, only
changing the http to https if the method was http ?
I've done this successfully in other (non-Tapestry) apps with no problem.
tappapp
matthew c. mead wrote:
> It looks like in the near future I may need to secure via SSL and
> client-certificates a portion of a Tapestry application.
>
> If I were developing with another framework (like struts) I would have
> a different set of URIs mapped to handle this part of the application,
> and I would apply a transport-guarantee directive to force automatic
> redirect to the SSL port if the content were accessed via the clear
> http port.
>
> I'm not sure how to go about this with Tapestry. I could double-map
> the application servlet, but then wouldn't it allow for any pages
> defined to be accessed via either mapping of the servlet?
>
> Am I missing an obvious solution?
>
> Thanks!
>
>
>
> -matt
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org