Ok Ben, I understand now. Except for one minor
point... It's exactly the other way around from what you suggest.
The problem isn't from HTTP to HTTPS, it's from HTTPS to HTTP. So I'd have
to write a _javascript_RetryWithHttpEntryPoint.java and wire it in. I'll go
ahead and do that.
Do you want me to submit it to you guys for inclusion into
CVS? There has to be many others who've run into this issue as
well.
Joseph
----- Original Message -----
From: Ben Alex
Sent: Wednesday, June 23, 2004 3:22 PM
Subject: Re: [Acegisecurity-developer] How do I avoid the IE
redirect warning dialog? > I took a look at InsecureChannelProcessor and there's no > response.sendRedirect() happening in there. It's delegating those > types of calls to the entryPoint.commence() methods. So I guess it's > the RetryWithHttpEntryPoint that I need to extend and provide my own > commence() implementation, right? > > I just want to be sure I'm getting this right. When a URI has > determined to be non-secure by the ChannelSecurity component is it > delegating the task of determining whether or not to redirect to the > ChannelProcessors? > Hi Joseph If you're trying to ensure HTTP requests are redirected to a HTTPS destination, this is performed by the SecureChannelProcessor. SecureChannelProcessor is a ChannelProcessor implementation. The other ChannelProcessor implementation, InsecureChannelProcessor, ensures HTTPS requests are redirected to a HTTP destination. The list of ChannelProcessors is called by the ChannelDecisionManagerImpl. SecureChannelProcessor, if it detects HTTPS is not in use, will by default call RetryWithHttpsEntryPoint. So you need to write a _javascript_RetryWithHttpsEntryPoint, and then SecureChannelProcessor.setEntryPoint(_javascript_RetryWithHttpsEntryPoint) in your application context. Best regards Ben ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer |
- [Acegisecurity-developer] How do I avoid the IE redirect w... Joseph Schmoley
- Re: [Acegisecurity-developer] How do I avoid the IE r... Ben Alex
- Re: [Acegisecurity-developer] How do I avoid the ... Joseph Schmoley
- Re: [Acegisecurity-developer] How do I avoid ... Ben Alex
- Re: [Acegisecurity-developer] How do I av... Joseph Schmoley
- Re: [Acegisecurity-developer] How do... Ben Alex
- [Acegisecurity-developer] Authen... Joseph Schmoley
- Re: [Acegisecurity-developer... Ben Alex