Thanks, this is a good suggestion.
It's not quite as dependent on container behavior, either. I like to make use of standardisms in the container behavior, but I've been caught out by that as well.
-matt
Random Tapestry User wrote:
Couldn't you just create an "SSLPage" class and all the pages that you want to protect with ssl subclass the SSLPage ?
Then, in the SSLPage, you could add a pageValidate that looks at the method of the url (http or https) and redirect to the same URL, only changing the http to https if the method was http ?
I've done this successfully in other (non-Tapestry) apps with no problem.
tappapp
matthew c. mead wrote:
It looks like in the near future I may need to secure via SSL and client-certificates a portion of a Tapestry application.
If I were developing with another framework (like struts) I would have a different set of URIs mapped to handle this part of the application, and I would apply a transport-guarantee directive to force automatic redirect to the SSL port if the content were accessed via the clear http port.
I'm not sure how to go about this with Tapestry. I could double-map the application servlet, but then wouldn't it allow for any pages defined to be accessed via either mapping of the servlet?
Am I missing an obvious solution?
Thanks!
-matt
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
