AppFuseSecuritySettings |
|
Your trail: |
Difference between
version 7
and
version 2:
At line 1 changed 1 line. |
!!Securtiy Settings in AppFuse |
%%note __NOTE:__ These instructions apply to AppFuse versions < 1.8. AppFuse has used [Acegi Security|AppFuseAuthentication] since the 1.8 release.%% |
At line 3 added 2 lines. |
!!Security Settings in AppFuse |
|
At line 28 added 36 lines. |
|
|
---- |
|
!Force a page/action to use SSL |
The simplest way is to add a tag to your {{.jsp}} file. |
{{{ |
<appfuse:secure/> |
}}} |
|
A couple of other methods from [this mail list thread|https://appfuse.dev.java.net/servlets/ReadMsg?list=users&msgId=112709]: |
|
__1.__ Secure your Action programmatically by requiring that it uses https. This works, but doesn't encrypt any data b/w the user's browser and your action. Below is an example from ActionFilter. |
{{{ |
String redirectString = |
SslUtil.getRedirectString(request, |
config.getServletContext(), |
secure.booleanValue()); |
|
if (redirectString != null) { |
if (log.isDebugEnabled()) { |
log.debug("protocol switch needed, redirecting to '" + |
redirectString + "'"); |
} |
|
// Redirect the page to the desired URL |
response.sendRedirect(response.encodeRedirectURL(redirectString)); |
|
// ensure we don't chain to requested resource |
return; |
} |
}}} |
|
__2.__ Secure URL patterns in web.xml and set a constraint to TRANSPORT-GUARANTEE. |
|
%%note __NOTE:__ The problem with both of the above is there are no mechanisms for returning you ''back'' to http. One way is to use the JSP tag {{<appfuse:secure mode="unsecured"/>}} or you could use the {{SslUtil}} at the end of your action to return you.%% |
Back to AppFuseSecuritySettings,
or to the Page History.
|