Thanks, yes that makes sense. The implication, then, is that this is a niche behaviour that would be best implemented in an ftplet, and not something that be available all the time, to be configured in the <listener> element?
On 14 September 2010 16:18, Sai Pullabhotla <[email protected]>wrote: > You should be able to this with an Ftplet that captures the > beforeCommand (USER command) event, and make sure the session is > secured. If the session was not secured already, send a 5xx/4xx reply > from the Ftplet, and optionally close the session. > FtpSession.isSecure() is the method you need to use for determining > this. > > Hope this helps. > Sai. > > On Tue, Sep 14, 2010 at 10:09 AM, John Hartnup <[email protected]> > wrote: > > Hi, > > > > Reading the config docs, and briefly examining the source, it seems as if > > explicit SSL is supported (AUTH TLS) but that there's no way to disallow > > login if the session hasn't been secured. > > > > 1. Have I got that wrong? > > 2. Does anyone have any opinion on the best place to add that feature? My > > (naive?) instinct is to add a test in > org.apache.ftpserver.command.imp.USER > > or possibly PASS. > > > > Thanks, > > John > > > > -- > > "There is no way to peace; peace is the way" > > > -- "There is no way to peace; peace is the way"
