You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2010/09/09 20:48:22 UTC
svn commit: r995536 - in
/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https:
HttpsConfig.java HttpsMapper.java
Author: mgrigorov
Date: Thu Sep 9 18:48:22 2010
New Revision: 995536
URL: http://svn.apache.org/viewvc?rev=995536&view=rev
Log:
WICKET-2903 CLONE -HttpsRequestCycleProcessor causes HttpSession to be created
WICKET-3016 Port to 1.5
Port to 1.5 the https config flag whether to bind the Session before going https or not.
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsMapper.java
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java?rev=995536&r1=995535&r2=995536&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsConfig.java Thu Sep 9 18:48:22 2010
@@ -27,6 +27,12 @@ public class HttpsConfig
private int httpsPort;
/**
+ * A flag which can be used to configure {@link HttpsRequestCycleProcessor} to bind or not the
+ * session before switching to secure (https) mode
+ */
+ private boolean preferStateful = true;
+
+ /**
* Constructor
*/
public HttpsConfig()
@@ -84,4 +90,31 @@ public class HttpsConfig
{
return httpsPort;
}
+
+ /**
+ * @see #setPreferStateful(boolean)
+ * @return preferStateless
+ */
+ public boolean isPreferStateful()
+ {
+ return preferStateful;
+ }
+
+ /**
+ * Sets whether or not a new session is created before redirecting from {@code http} to
+ * {@code https}
+ * <p>
+ * BE VERY CAREFUL WHEN SETTING THIS VALUE TO {@code false}.
+ *
+ * If set to {@code false} it is possible that the session created when in {@code https} pages
+ * will not be accessible to {@code http} pages, and so you may end up with two sessions per
+ * user both potentially containing different login information.
+ * </p>
+ *
+ * @param preferStateful
+ */
+ public void setPreferStateful(boolean preferStateful)
+ {
+ this.preferStateful = preferStateful;
+ }
}
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsMapper.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsMapper.java?rev=995536&r1=995535&r2=995536&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsMapper.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/https/HttpsMapper.java Thu Sep 9 18:48:22 2010
@@ -92,9 +92,13 @@ public class HttpsMapper implements IReq
final IRequestHandler httpsHandler = checker.checkSecureIncoming(requestHandler,
httpsConfig);
- // we need to persist the session before a redirect to https so the session lasts
- // across both http and https calls.
- Session.get().bind();
+ // XXX do we need to check if httpsHandler is instance of SwitchProtocolRequestHandler
+ if (httpsConfig.isPreferStateful())
+ {
+ // we need to persist the session before a redirect to https so the session lasts
+ // across both http and https calls.
+ Session.get().bind();
+ }
requestHandler = httpsHandler;
}