On 23-01-2009 at 14:25, Philip Constantinou wrote: > Are there any best practices out there for dealing with switching the > browser between HTTP and HTTPs. I'd added some subclasses of > stripes:for, stripes:link and RedirectResolution that take a > secure=true/false parameter but the 1.5 upgrade seems to break them a > little in some cases. > > Anyone else have a good way of dealing with this? > > The typical usage example is, I want my log in and change password > forms to submit over SSL no matter what (as long as the server > supports SSL), but want the rest of the URL's to be root relative.
In our case, users demand SSL because they're working with sensitive data, we always needs SSL. Also, we deploy one application per (paying) customer. For these requirements, the J2EE specification of requiring SSL are sufficient. So we specify this as a "transport guarantee" in web.xml. Oscar -- ,-_ /() ) Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/ (__ ( =/ () Don't let your boss fuck you; that's anti-capitalist. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
