Just to pick up on the point below.
If the Valve acts before the filter then I would guess my idea can't work
because the login will have already happened before I get chance to redirect to
https. Therefore meaning the login process will have happened unencrypted...
R.
On 10 Nov 2009, at 10:42, Pid wrote:
>> My last stab at this is maybe I could use a scenario of filtering all
>> requests and essentially do:
>>
>> if (logged in) {
>> if (https) goto http
>> } else {
>> if (http) goto https
>> }
>>
>> And then rely on the security constraint only for requiring login and the
>> Valve only for forwarding the request to the login page?
>
> This would probably work out OK, (just remember that the Filter will work at
> a level above/after the Valve has a chance to act).
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
