Raible's Wiki

Raible Designs
Wiki Home
News
Recent Changes

AppFuse

Homepage
  - Korean
  - Chinese
  - Italian
  - Japanese

QuickStart Guide
  - Chinese
  - French
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish
  - Japanese

User Guide
  - Korean
  - Chinese

Tutorials
  - Chinese
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish

FAQ
  - Korean

Latest Downloads

Other Applications

Struts Resume
Security Example
Struts Menu

Set your name in
UserPreferences


Referenced by
AppFuseAddServlet




JSPWiki v2.2.33

[RSS]


Hide Menu

AppFuseSecuritySettings


Difference between version 7 and version 2:

At line 1 changed 1 line.
!!Securtiy Settings in AppFuse
%%note __NOTE:__ These instructions apply to AppFuse versions < 1.8. AppFuse has used [Acegi Security|AppFuseAuthentication] since the 1.8 release.%%
At line 3 added 2 lines.
!!Security Settings in AppFuse
At line 28 added 36 lines.
----
!Force a page/action to use SSL
The simplest way is to add a tag to your {{.jsp}} file.
{{{
<appfuse:secure/>
}}}
A couple of other methods from [this mail list thread|https://appfuse.dev.java.net/servlets/ReadMsg?list=users&msgId=112709]:
__1.__ Secure your Action programmatically by requiring that it uses https. This works, but doesn't encrypt any data b/w the user's browser and your action. Below is an example from ActionFilter.
{{{
String redirectString =
SslUtil.getRedirectString(request,
config.getServletContext(),
secure.booleanValue());
if (redirectString != null) {
if (log.isDebugEnabled()) {
log.debug("protocol switch needed, redirecting to '" +
redirectString + "'");
}
// Redirect the page to the desired URL
response.sendRedirect(response.encodeRedirectURL(redirectString));
// ensure we don't chain to requested resource
return;
}
}}}
__2.__ Secure URL patterns in web.xml and set a constraint to TRANSPORT-GUARANTEE.
%%note __NOTE:__ The problem with both of the above is there are no mechanisms for returning you ''back'' to http. One way is to use the JSP tag {{<appfuse:secure mode="unsecured"/>}} or you could use the {{SslUtil}} at the end of your action to return you.%%

Back to AppFuseSecuritySettings, or to the Page History.