Resurrecting this thread from the dead :D
disclaimer: I am very new to wicket and its philosophy, so I am making
some points related to secure pages.
I read about securing pages though ssl and made a comment there
Dave,
There is a difference in how items are displayed and how submits/links are
to be performed. There are cases where a HTTP page has a form that is to be
submitted via HTTPS. And furthermore, when an Page is to be displayed via
HTTPS, not all items (images,resources) are to be served via
Hi, Doug.
Most of my clients do not want to have trivial resources (js,
css, images)
fetched via HTTPS. This creates an undo burden on the SSL pipe and
ultimately affects performance, user experience, and capacity planning.
While this is trivial for a 100 user site with 1 txn/sec, this
On 26 Sep 2007, at 12:26, Doug Leeper wrote:
- All images and resource links are to be accessed via HTTP
irregardless if
the page itself is to be displayed in HTTP/HTTPS
Most browsers will complain when non-secure elements are included on
a secured page.
This page contains both
: Redirect to HTTPS?
Hi, Doug.
Most of my clients do not want to have trivial resources (js,
css, images)
fetched via HTTPS. This creates an undo burden on the SSL pipe and
ultimately affects performance, user experience, and capacity planning.
While this is trivial for a 100 user site with 1
I haven't tested but I think the solution is to override public final
CharSequence encode(final RequestCycle requestCycle,final IRequestTarget
requestTarget)BUT...it is final so we can't reuse the class directly but
have to make a copy.
And this is where your alarm bells should go
Eelco Hillenius wrote:
I stand by my suggestion that you could just try to redirect to a
secure page. After that, the relative URLs stay secure no?
If I'm missing something, please tell.
Eelco
I think we are both missing something. There are a couple of situations
(aka
I have no problem with the approach in finals. I think you guys have done a
great job.
Please see my response
http://www.nabble.com/Redirect-to-HTTPS--tf4509537.html#a12878724 here
I, too, am very interested in the feedback on this.
Eelco Hillenius wrote:
I haven't tested but I think
Thanks for your input guys, after some experimenting I used the
annotation solution and got it working on 1.3 with some tweaking. I
had to take out the IResponseStrategy and just override respond(..)
in the RequestCycleProcessor instead. Also the redirection portion
had to be rewritten as
I'm not as expert in cryptology, but many of the use cases you write
below somehow don't seem right to me.
1. A page has information that needs to be secure, i.e. demographic
information, billing information. This information can be accessed from a
non-secured page, i.e. home page
Is the
just take whatever has been discussed on this list and strip it down to
whatever level you need. i dont think any one is interesting in doing this
for you...
-igor
On 9/24/07, Daniel Frisk [EMAIL PROTECTED] wrote:
I'm trying to add a check to the constructor on one of our pages (a
credit
Well... Now that was certainly helpful. This was not intended as a
do my homework question, read it as: I don't know Wicket inside
out yet and could use a hint if someone gets an idea from reading my
question. You wasn't that someone today and you didn't help with
your post, you lose karma
well, i dont know. you said you have seen a few solutions on this list but
they are too complicated. you want something more stripped down. so why not
strip it down yourself. sure sounds like do my homework for me.
as far as karma, im already in the negative.
-gior
On 9/24/07, Daniel Frisk
On 9/24/07, Daniel Frisk [EMAIL PROTECTED] wrote:
I'm trying to add a check to the constructor on one of our pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the
Hi,
In my previous project, it was done by configuring (rewrite rules) the http
front-end (apache, lighttpd,...).
It's an other solution, that avoid developper to deal certificate and all the
ssl machinery.
/david
Daniel Frisk wrote:
I'm trying to add a check to the constructor on one of our
I have been attempting to get HTTPS/SSL working in my app too.
Unfortunately, I have hit a wall...mostly b/c I am learning the
API/Framework.
In any case, the Example in the WIKI is outdated (v 1.2???) It won't work
with 1.3 as is (no IResponseStrategy any more). However, I do believe I
have
16 matches
Mail list logo