Hi,
I'd like to create automatic login with the following setup:
- The auto-login key is stored in a secure cookie issued only over https.
- I have created a separate page for this, it can read (a do
authentication) or update the cookie (on form login), and it is
sending the cookie only over
It seems that I've buried myself too deep in the world of bookmarkable
pages that I've forgotten the basics of http. Oh dear, such a simple
answer, it must be Friday... :)
Thanks,
Istvan
On Fri, Jan 8, 2010 at 5:30 PM, Igor Vaynberg igor.vaynb...@gmail.com wrote:
but you do have the original
, please tell.
-
Claudio Miranda
http://weblogs.java.net/blog/claudio
http://www.claudius.com.br/blog
--
View this message in context:
http://www.nabble.com/Redirect-to-HTTPS--tp12861028p15618826.html
Sent from the Wicket - User mailing list archive at Nabble.com
.
The behaviors in your suggested approach are this:
- I cannot have a login portlet on the home page submit the form via
HTTPS unless the Home Page is in HTTPS
- When on any secure page, the link to Company info page will first
submit via HTTPS then redirect to HTTP (two network requests)
- When on any
are this:
- I cannot have a login portlet on the home page submit the form via
HTTPS unless the Home Page is in HTTPS
Yep, that's what I'm saying. ;-)
You could always provide a link to a secure login page.
- When on any secure page, the link to Company info page will first
submit via HTTPS
On 26 Sep 2007, at 12:26, Doug Leeper wrote:
- All images and resource links are to be accessed via HTTP
irregardless if
the page itself is to be displayed in HTTP/HTTPS
Most browsers will complain when non-secure elements are included on
a secured page.
This page contains both
: Redirect to HTTPS?
Hi, Doug.
Most of my clients do not want to have trivial resources (js,
css, images)
fetched via HTTPS. This creates an undo burden on the SSL pipe and
ultimately affects performance, user experience, and capacity planning.
While this is trivial for a 100 user site with 1
I haven't tested but I think the solution is to override public final
CharSequence encode(final RequestCycle requestCycle,final IRequestTarget
requestTarget)BUT...it is final so we can't reuse the class directly but
have to make a copy.
And this is where your alarm bells should go
the proposed solution.
Thanks
- Doug
--
View this message in context:
http://www.nabble.com/Redirect-to-HTTPS--tf4509537.html#a12878724
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL
I have no problem with the approach in finals. I think you guys have done a
great job.
Please see my response
http://www.nabble.com/Redirect-to-HTTPS--tf4509537.html#a12878724 here
I, too, am very interested in the feedback on this.
Eelco Hillenius wrote:
I haven't tested but I think
Thanks for your input guys, after some experimenting I used the
annotation solution and got it working on 1.3 with some tweaking. I
had to take out the IResponseStrategy and just override respond(..)
in the RequestCycleProcessor instead. Also the redirection portion
had to be rewritten as
I'm not as expert in cryptology, but many of the use cases you write
below somehow don't seem right to me.
1. A page has information that needs to be secure, i.e. demographic
information, billing information. This information can be accessed from a
non-secured page, i.e. home page
Is the
I'm trying to add a check to the constructor on one of our pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the wiki with the annotations that intercepted
card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the wiki with the annotations that intercepted
the request processing and etc but it seemed overly complicated for
this tiny check, any
to add a check to the constructor on one of our pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the wiki with the annotations that intercepted
the request processing
PROTECTED] wrote:
I'm trying to add a check to the constructor on one of our pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the wiki with the annotations
On 9/24/07, Daniel Frisk [EMAIL PROTECTED] wrote:
I'm trying to add a check to the constructor on one of our pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample
pages (a
credit card processing page) which should:
1. If protocol is HTTPS; continue as usual
2. Else redirect so that HTTPS is used to access the same page
I saw the sample in the wiki with the annotations that intercepted the
request processing and etc but it seemed overly complicated
will have to copy the entire
class and provide this behavior.
Thoughts?
--
View this message in context:
http://www.nabble.com/Redirect-to-HTTPS--tf4509537.html#a12872387
Sent from the Wicket - User mailing list archive at Nabble.com
19 matches
Mail list logo
