Raible's Wiki: AppFuseSecuritySettings

-       Raible's Wiki




    Raible Designs

Wiki Home

News

Recent Changes

AppFuse
Homepage

  -  Korean

  -  Chinese

  -  Italian

  -  Japanese

QuickStart Guide

  - Chinese
 
  - French

  - German

  - Italian

  - Korean

  - Portuguese

  - Spanish

  - Japanese


User Guide

  - Korean

  - Chinese
 

Tutorials

  -  Chinese

  -  German

  -  Italian

  -  Korean

  -  Portuguese

  -  Spanish


FAQ

  -  Korean


Latest Downloads

Other Applications
Struts Resume

Security Example

Struts Menu



    




    

    
         
        Set your name in

        UserPreferences
            
    





       
       
       
       




    

Referenced by

AppFuseAddServlet



    




   



   
   JSPWiki v2.2.33 
   



       
           

           

           
           
           


           Hide Menu
+            AppFuseSecuritySettings
            



  
    Search Wiki:
    
    
  



         
         
            Your trail: 
         
      

      


      

      
         



      
          Difference between 
          version 7 
          and 
          version 3:
          

          
At line 1 added 2 lines.
%%note __NOTE:__ These instructions apply to AppFuse versions &lt; 1.8. AppFuse has used [Acegi Security|AppFuseAuthentication] since the 1.8 release.%%

At line 28 added 36 lines.


----

!Force a page/action to use SSL
The simplest way is to add a tag to your {{.jsp}} file.
{{{
    <appfuse:secure/>
}}}

A couple of other methods from [this mail list thread|https://appfuse.dev.java.net/servlets/ReadMsg?list=users&msgId=112709]:

__1.__ Secure your Action programmatically by requiring that it uses https.  This works, but doesn't encrypt any data b/w the user's browser and your action.  Below is an example from ActionFilter.
{{{
        String redirectString =
            SslUtil.getRedirectString(request, 
                    config.getServletContext(),
                    secure.booleanValue());

        if (redirectString != null) {
            if (log.isDebugEnabled()) {
                log.debug("protocol switch needed, redirecting to '" +
                        redirectString + "'");
            }

            // Redirect the page to the desired URL
            response.sendRedirect(response.encodeRedirectURL(redirectString));

            // ensure we don't chain to requested resource
            return;
        }
}}}

__2.__ Secure URL patterns in web.xml and set a constraint to TRANSPORT-GUARANTEE.

%%note __NOTE:__ The problem with both of the above is there are no mechanisms for returning you ''back'' to http.  One way is to use the JSP tag {{<appfuse:secure mode="unsecured"/>}} or you could use the {{SslUtil}} at the end of your action to return you.%%


          

      

      

      
      Back to AppFuseSecuritySettings,
       or to the Page History.
       

      

      

      

      

      

      

      

      Show Menu
-AppFuseSecuritySettings
+    Search Wiki:
 At line 1 added 2 lines.
+%%note __NOTE:__ These instructions apply to AppFuse versions &lt; 1.8. AppFuse has used [Acegi Security|AppFuseAuthentication] since the 1.8 release.%%
 At line 28 added 36 lines.
+----
+!Force a page/action to use SSL
+The simplest way is to add a tag to your {{.jsp}} file.
+{{{
+    <appfuse:secure/>
+}}}
+A couple of other methods from [this mail list thread|https://appfuse.dev.java.net/servlets/ReadMsg?list=users&msgId=112709]:
+__1.__ Secure your Action programmatically by requiring that it uses https.  This works, but doesn't encrypt any data b/w the user's browser and your action.  Below is an example from ActionFilter.
+{{{
+        String redirectString =
+            SslUtil.getRedirectString(request,
+                    config.getServletContext(),
+                    secure.booleanValue());
+        if (redirectString != null) {
+            if (log.isDebugEnabled()) {
+                log.debug("protocol switch needed, redirecting to '" +
+                        redirectString + "'");
+            }
+            // Redirect the page to the desired URL
+            response.sendRedirect(response.encodeRedirectURL(redirectString));
+            // ensure we don't chain to requested resource
+            return;
+        }
+}}}
+__2.__ Secure URL patterns in web.xml and set a constraint to TRANSPORT-GUARANTEE.
+%%note __NOTE:__ The problem with both of the above is there are no mechanisms for returning you ''back'' to http.  One way is to use the JSP tag {{<appfuse:secure mode="unsecured"/>}} or you could use the {{SslUtil}} at the end of your action to return you.%%