Hi Adrian, David,
for my project at the first I wouldn't use certificate or self-certified
certificate.
Before security improvement, I only setted https="false" in url.properties
file and I had no problem about certificates and secure connections. After
security improvement, I thought it would be a good idea to include in a
.properties(ie securityService.properties) file a property like
httpsService="false" (default is "true" ) in order to choose whether use or
not SSL and secure URLs.
In this way ConfigXml.java is
+private String
securityService=UtilProperties.getPropertyValue("securityService.properties",
"httpsService");
+if (securityElement != null) {
+ if ("false".equals(securityService))
+ this.securityHttps = false;
+ else {
+ this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+ }
What do you think about this idea?
Angelo Matarazzo wrote:
>
> Hello, Everyone
> I have seen the new security improvement, but I would like to know if
> there is a global property in order to ignore https="true" for every
> request.
>
> To ignore https in every controller.xml, I have set https=N in
> url.properties
> and I have also modified ConfigXml.java in this way
>
> - if (securityElement != null) {
> - this.securityHttps =
> "true".equals(securityElement.getAttribute("https"));
>
> + if (securityElement != null) {
> + this.securityHttps = false;
>
> So I don't use secure URLs.
> Waht do you think about global property and my solution?
> Any advice would be greatly appreciated.
> Thank you
>
--
View this message in context:
http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
