Hi Vincent, my use case is indeed to verify that the container is set up correctly. I try to write a installation verification programm for our base configuration.
Another use case would be the test of form based login, as some containers allow this only through secure connections. Checking that session handling based on ssl-id works correctly would be a third. On the other hand will existing cactus test fail if a container is set up to only allow https connections. In that case the setup is not transparent to the application (Webapp containing cactus tests) because the application doesn't work. Your point about additional requirements on the client side is true, but only to the extend that most JDKs already meet the requirements and you have to cope with this anyway if you want to run a secure environment. If you don't those requirements don't bother you. As most of our current problems are based on errors in the container implementation it is a good thing to be able to test those container specific behaviors. --MK -----Urspr�ngliche Nachricht----- Von: Vincent Massol [mailto:[EMAIL PROTECTED]] Gesendet am: Samstag, 31. August 2002 20:37 An: 'Cactus Users List' Betreff: RE: HTTPS Hi Michael, Yes, it is a possibility. Actually it shouldn't be too hard to support. I'm less sure about the benefits. My reasons are: - HTTPS is supposed to be completely transparent from the point of view of the application which shouldn't care if HTTP or HTTPS was used. HTTP is more a deployment choice I think. BTW, I don't recall any API in the Servlet spec related to HTTPS (and I don't think it should). - Using HTTPS would require additional jars to be put on the client side classpath. It would also require additional setup on the server side (certificates, config, etc) to support it. - The only thing it would buy us would be to ensure that HTTPs is set up correctly in the application configuration (as opposed to the code). ATM Cactus is mostly concerned to test the code - although it also tests its interaction with the container. HTTPS would purely test container set up and not the code (unless I am mistaken somewhere ...). Do you have any specific use case in mind ? Thanks -Vincent > -----Original Message----- > From: Koegel, Michael [mailto:[EMAIL PROTECTED]] > Sent: 22 August 2002 09:13 > To: [EMAIL PROTECTED] > Subject: HTTPS > > Hi all, > > will Cactus-xy-1.4 support HTTPS now that HTTPClient is used? > > Regards, > Michael > > > -- > To unsubscribe, e-mail: <mailto:cactus-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:cactus-user- > [EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
