Re: [Acegisecurity-developer] How do I avoid the IE redirect warning dialog?

[Joseph Schmoley]

Ok Ben, I understand now.  Except for one minor point...  It's exactly the other way around from what you suggest.  The problem isn't from HTTP to HTTPS, it's from HTTPS to HTTP.  So I'd have to write a _javascript_RetryWithHttpEntryPoint.java and wire it in.  I'll go ahead and do that.   Do you want me to submit it to you guys for inclusion into CVS?  There has to be many others who've run into this issue as well.   Joseph   ----- Original Message ----- From: Ben Alex To: [EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 3:22 PM Subject: Re: [Acegisecurity-developer] How do I avoid the IE redirect warning dialog? Joseph Schmoley wrote: > I took a look at InsecureChannelProcessor and there's no > response.sendRedirect() happening in there.  It's delegating those > types of calls to the entryPoint.commence() methods.  So I guess it's > the RetryWithHttpEntryPoint that I need to extend and provide my own > commence() implementation, right? >  > I just want to be sure I'm getting this right.  When a URI has > determined to be non-secure by the ChannelSecurity component is it > delegating the task of determining whether or not to redirect to the > ChannelProcessors? >  Hi Joseph If you're trying to ensure HTTP requests are redirected to a HTTPS destination, this is performed by the SecureChannelProcessor. SecureChannelProcessor is a ChannelProcessor implementation. The other ChannelProcessor implementation, InsecureChannelProcessor, ensures HTTPS requests are redirected to a HTTP destination. The list of ChannelProcessors is called by the ChannelDecisionManagerImpl. SecureChannelProcessor, if it detects HTTPS is not in use, will by default call RetryWithHttpsEntryPoint. So you need to write a _javascript_RetryWithHttpsEntryPoint, and then SecureChannelProcessor.setEntryPoint(_javascript_RetryWithHttpsEntryPoint) in your application context. Best regards Ben ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer