Re: Problem with https

Wed, 01 Apr 2009 13:09:16 -0700
I'm not sure if I understand what you're running into. What would be most helpful to make progress on this is if you describe the problem you're having, and then hopefully this proposed solution to the problem would make more sense. In the problem description please include steps to reproduce, and a description of the error or other unexpected behavior you're seeing so that it is possible for someone else to try to reproduce this, and know whether or not they have successfully reproduced it. 


The problem part is the most important thing, but more details about  
your proposed changes would be helpful too. For example, there is no  
"ConfigXml.java" file, and in your code change snippets there are no  
line numbers.


-David


On Apr 1, 2009, at 3:23 AM, Angelo Matarazzo wrote:



Hi Adrian, David,

for my project  at the first I wouldn't use certificate or  self- 
certified

certificate.

Before security improvement, I only setted https="false" in  
url.properties
file and I had no problem about certificates and secure connections.  
After
security improvement, I thought it would be a good idea to include  
in a

.properties(ie securityService.properties) file a property like

httpsService="false" (default is "true" ) in order to choose whether  
use or

not SSL and secure URLs.
In this way ConfigXml.java is

+private String

securityService 
=UtilProperties.getPropertyValue("securityService.properties",

"httpsService");

+if (securityElement != null) {
+       if ("false".equals(securityService))
+              this.securityHttps = false;
+       else {
+              this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+       }


What do you think about this idea?


Angelo Matarazzo wrote:


Hello, Everyone
I have seen the new security improvement, but I would like to know if
there is a global property in order to ignore https="true" for every
request.

To ignore https in every controller.xml, I have set https=N in
url.properties
and I have also modified ConfigXml.java in this way

-  if (securityElement != null) {
-               this.securityHttps =
"true".equals(securityElement.getAttribute("https"));

+ if (securityElement != null) {
+              this.securityHttps = false;

So I don't use secure URLs.
Waht do you think about global property and my solution?
Any advice would be greatly appreciated.
Thank you



--
View this message in context: 
http://www.nabble.com/Problem-with-https-tp22810404p22822761.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

























					Reply via email to