Hi guys,
Thanks for the excellent info. Apache hasn't even come into the mix yet Tim
so I think I'd just like to get it working locally on tomcat first.
Adam, when you say:
*"You should force all your requests to https to ensure that no one can
change the url from a secure page to a non-secure page."
*
Can you explain on how you actually do this?
thanks again guys,
Brian
On Mon, Sep 17, 2012 at 10:29 AM, Stone, Timothy
<tst...@barclaycardus.com>wrote:
> Adam stole my thunder… J If you’re carrying session data between secure
> and non-secure sections, you will lose one in transit for precisely why
> Adam said.****
>
> ** **
>
> If you’re in a secure area make sure it’s always secure. Are you
> performing any SSL offloading at Apache? I have found that offloading SSL
> at the Apache HTTPD front end to be significantly easier to manage than in
> Tomcat/WebLogic/[pick container]****
>
> ** **
>
> Tim****
>
> ** **
>
> *From:* Adam Stokar [mailto:ajsto...@gmail.com]
> *Sent:* Monday, September 17, 2012 10:24 AM
> *To:* Stripes Users List
> *Subject:* Re: [Stripes-users] SSL newbie****
>
> ** **
>
> Hey Brian,****
>
> ** **
>
> You should force all your requests to https to ensure that no one can
> change the url from a secure page to a non-secure page. Then you can add
> a Stripes Interceptor that checks if the request requires https or not and
> allow the ones that don't to pass through. Keep in mind that "switching"
> between http and https isn't really possible if you intend to use a session
> variable on the server side. Browsers create a new session id when you
> switch between the two, even if the rest of the url is the same.****
>
> ** **
>
> - Adam****
>
> ** **
>
> On Mon, Sep 17, 2012 at 10:16 AM, Brian McSweeney <
> brian.mcswee...@gmail.com> wrote:****
>
> Hi guys,
>
> I have a stripes webapp that I would like to add SSL support for in a few
> pages only.
>
> I've come from a struts background where we had ssl-ext as an extension
> which simplified this. I've also searched the archives and come across
> http://www.stripesframework.org/jira/browse/STS-239 and some questioning
> threads about this topic none of which have been comprehensively resolved
> to me.
>
> Can someone point me at a solution/approach to securing a few pages in
> stripes and switching between http and https?
>
> cheers,
> Brian
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users****
>
> ** **
>
> Barclaycard
>
> www.barclaycardus.com
>
> This email and any files transmitted with it may contain confidential
> and/or proprietary information. It is intended solely for the use of the
> individual or entity who is the intended recipient. Unauthorized use of
> this information is prohibited. If you have received this in error, please
> contact the sender by replying to this message and delete this material
> from any system it may be on.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
