How to secure (via SSL) only a subset of Tapestry pages?

["matthew c. mead" <m-...@goof.com>]

It looks like in the near future I may need to secure via SSL and 
client-certificates a portion of a Tapestry application.

If I were developing with another framework (like struts) I would have a 
different set of URIs mapped to handle this part of the application, and 
I would apply a transport-guarantee directive to force automatic 
redirect to the SSL port if the content were accessed via the clear http 
port.

I'm not sure how to go about this with Tapestry.  I could double-map the 
application servlet, but then wouldn't it allow for any pages defined to 
be accessed via either mapping of the servlet?

Am I missing an obvious solution?

Thanks!



-matt

-- 
matthew c. mead

http://www.goof.com/

Re: How to secure (via SSL) only a subset of Tapestry pages?

[Fermin Da Costa Gomez <da...@gmail.com>]

matthew c. mead wrote:
> It looks like in the near future I may need to secure via SSL and 
> client-certificates a portion of a Tapestry application.
> 
> If I were developing with another framework (like struts) I would have a 
> different set of URIs mapped to handle this part of the application, and 
> I would apply a transport-guarantee directive to force automatic 
> redirect to the SSL port if the content were accessed via the clear http 
> port.
> 
> I'm not sure how to go about this with Tapestry.  I could double-map the 
> application servlet, but then wouldn't it allow for any pages defined to 
> be accessed via either mapping of the servlet?
> 
> Am I missing an obvious solution?
Have a good look through the archives because i know i posted a set of .jwc 
components that does what you just described.

Cheers,
Fermin DCG
> 
> Thanks!
> 
> 
> 
> -matt
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Re: How to secure (via SSL) only a subset of Tapestry pages?

["Matthew C. Mead" <m-...@goof.com>]

Thanks, this is a good suggestion.

It's not quite as dependent on container behavior, either.  I like to 
make use of standardisms in the container behavior, but I've been caught 
out by that as well.



-matt

Random Tapestry User wrote:

> Couldn't you just create an "SSLPage" class and all the pages that you 
> want to protect with ssl subclass the SSLPage ?
> Then, in the SSLPage, you could add a pageValidate that looks at the 
> method of the url (http or https) and redirect to the same URL, only 
> changing the http to https if the method was http ?
>
> I've done this successfully in other (non-Tapestry) apps with no problem.
>
> tappapp
>
> matthew c. mead wrote:
>
>> It looks like in the near future I may need to secure via SSL and 
>> client-certificates a portion of a Tapestry application.
>>
>> If I were developing with another framework (like struts) I would 
>> have a different set of URIs mapped to handle this part of the 
>> application, and I would apply a transport-guarantee directive to 
>> force automatic redirect to the SSL port if the content were accessed 
>> via the clear http port.
>>
>> I'm not sure how to go about this with Tapestry.  I could double-map 
>> the application servlet, but then wouldn't it allow for any pages 
>> defined to be accessed via either mapping of the servlet?
>>
>> Am I missing an obvious solution?
>>
>> Thanks!
>>
>>
>>
>> -matt
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>

Re: How to secure (via SSL) only a subset of Tapestry pages?

[Random Tapestry User <ta...@comcast.net>]

Couldn't you just create an "SSLPage" class and all the pages that you 
want to protect with ssl subclass the SSLPage ?
Then, in the SSLPage, you could add a pageValidate that looks at the 
method of the url (http or https) and redirect to the same URL, only 
changing the http to https if the method was http ?

I've done this successfully in other (non-Tapestry) apps with no problem.

tappapp

matthew c. mead wrote:

> It looks like in the near future I may need to secure via SSL and 
> client-certificates a portion of a Tapestry application.
>
> If I were developing with another framework (like struts) I would have 
> a different set of URIs mapped to handle this part of the application, 
> and I would apply a transport-guarantee directive to force automatic 
> redirect to the SSL port if the content were accessed via the clear 
> http port.
>
> I'm not sure how to go about this with Tapestry.  I could double-map 
> the application servlet, but then wouldn't it allow for any pages 
> defined to be accessed via either mapping of the servlet?
>
> Am I missing an obvious solution?
>
> Thanks!
>
>
>
> -matt
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org