Joseph Schmoley wrote:
I took a look at InsecureChannelProcessor and there's no response.sendRedirect() happening in there. It's delegating those types of calls to the entryPoint.commence() methods. So I guess it's the RetryWithHttpEntryPoint that I need to extend and provide my own commence() implementation, right?
I just want to be sure I'm getting this right. When a URI has determined to be non-secure by the ChannelSecurity component is it delegating the task of determining whether or not to redirect to the ChannelProcessors?
Hi Joseph
If you're trying to ensure HTTP requests are redirected to a HTTPS destination, this is performed by the SecureChannelProcessor. SecureChannelProcessor is a ChannelProcessor implementation. The other ChannelProcessor implementation, InsecureChannelProcessor, ensures HTTPS requests are redirected to a HTTP destination. The list of ChannelProcessors is called by the ChannelDecisionManagerImpl.
SecureChannelProcessor, if it detects HTTPS is not in use, will by default call RetryWithHttpsEntryPoint. So you need to write a JavaScriptRetryWithHttpsEntryPoint, and then SecureChannelProcessor.setEntryPoint(JavaScriptRetryWithHttpsEntryPoint) in your application context.
Best regards Ben
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
