A future release could have a setting on the listener to force a secure session. You might want to open a case in JIRA for this. I think this would be a good addition.
On Tue, Sep 14, 2010 at 10:37 AM, John Hartnup <john.hart...@gmail.com> wrote: > Thanks, yes that makes sense. > > The implication, then, is that this is a niche behaviour that would be best > implemented in an ftplet, and not something that be available all the time, > to be configured in the <listener> element? > > On 14 September 2010 16:18, Sai Pullabhotla > <sai.pullabho...@jmethods.com>wrote: > >> You should be able to this with an Ftplet that captures the >> beforeCommand (USER command) event, and make sure the session is >> secured. If the session was not secured already, send a 5xx/4xx reply >> from the Ftplet, and optionally close the session. >> FtpSession.isSecure() is the method you need to use for determining >> this. >> >> Hope this helps. >> Sai. >> >> On Tue, Sep 14, 2010 at 10:09 AM, John Hartnup <john.hart...@gmail.com> >> wrote: >> > Hi, >> > >> > Reading the config docs, and briefly examining the source, it seems as if >> > explicit SSL is supported (AUTH TLS) but that there's no way to disallow >> > login if the session hasn't been secured. >> > >> > 1. Have I got that wrong? >> > 2. Does anyone have any opinion on the best place to add that feature? My >> > (naive?) instinct is to add a test in >> org.apache.ftpserver.command.imp.USER >> > or possibly PASS. >> > >> > Thanks, >> > John >> > >> > -- >> > "There is no way to peace; peace is the way" >> > >> > > > > -- > "There is no way to peace; peace is the way" >
