On Mar 31, 2009, at 2:07 PM, Angelo Matarazzo wrote:
Hello, Everyone
I have seen the new security improvement, but I would like to know
if there
is a global property in order to ignore https="true" for every
request.
To ignore https in every controller.xml, I have set https=N in
url.properties
and I have also modified ConfigXml.java in this way
- if (securityElement != null) {
- this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+ if (securityElement != null) {
+ this.securityHttps = false;
Wouldn't this change make the https attribute of the security element
in the controller.xml file always ignored, ie never used?
You could certainly do this in a local patch (though I wouldn't
recommend it...), but no we would not want to make sure changes in the
project.
-David
So I don't use secure URLs.
Waht do you think about global property and my solution?
Any advice would be greatly appreciated.
Thank you
--
View this message in context:
http://www.nabble.com/Problem-with-https-tp22810404p22810404.html
Sent from the OFBiz - User mailing list archive at Nabble.com.