Eelco Hillenius wrote:
>
>
> I stand by my suggestion that you could just try to redirect to a
> secure page. After that, the relative URLs stay secure no?
>
> If I'm missing something, please tell.
>
> Eelco
>
>
>
I think we are both missing something. There are a couple of situations
(aka requirements) that I want to describe and hopefully get your opinion on
how to go about solving them.
1. A page has information that needs to be secure, i.e. demographic
information, billing information. This information can be accessed from a
non-secured page, i.e. home page
I believe what you proposed can be accomplished. Not sure how though. A
working example would do wonders here. I am still learning Wicket.
2. Submitting a form has to be secure, i.e. login information, demographics
information
This can be from a non-secure page (login home page) or secure-page
(demogaphics page). Not sure how to do this without the proposed refactor
(doPostPrepend()) since the URL generation is encapsulated and final.
3. When on a secure page, link to a non-secure page (from demographics
page to company info)
Wicket currently builds URLs that are relative to domain and agnostic to
protocol (https/http), i.e. /?wicket=... What this does will do if redirect
to a secure page is keep all subsequent links in the https mode. Therefore,
this will place an undo amount of load on the https server and potentially
"slow" down the user experience.
The proposed refactor would mitigate 1 and 3. For 2, I foresee a
SecureLink/SecureButton/SubmitLink (and others?) that would need to created
which has the RequireSSL annotation. By doing so, it would fit nicely in
the proposed refactor.
Does this clear it up? These are actual client requirements and not sure
how to proceed without the proposed solution.
Thanks
- Doug
--
View this message in context:
http://www.nabble.com/Redirect-to-HTTPS--tf4509537.html#a12878724
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
