Re: [Stripes-users] SSL newbie

Mon, 17 Sep 2012 07:25:18 -0700 

Hey Brian,

You should force all your requests to https to ensure that no one can
change the url from a secure page to a non-secure page.   Then you can add
a Stripes Interceptor that checks if the request requires https or not and
allow the ones that don't to pass through.  Keep in mind that "switching"
between http and https isn't really possible if you intend to use a session
variable on the server side.  Browsers create a new session id when you
switch between the two, even if the rest of the url is the same.

- Adam

On Mon, Sep 17, 2012 at 10:16 AM, Brian McSweeney <brian.mcswee...@gmail.com
> wrote:

> Hi guys,
>
> I have a stripes webapp that I would like to add SSL support for in a few
> pages only.
>
> I've come from a struts background where we had ssl-ext as an extension
> which simplified this. I've also searched the archives and come across
> http://www.stripesframework.org/jira/browse/STS-239 and some questioning
> threads about this topic none of which have been comprehensively resolved
> to me.
>
> Can someone point me at a solution/approach to securing a few pages in
> stripes and switching between http and https?
>
> cheers,
> Brian
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Reply via email to