I just checked and WOForm should use the result of
context.secureMode() to determine if it needs to generate secure URLs.
It is also possible to force the behavior by adding a binding
"secure=true;" and the same logic should apply It is in fact the same
code that is called.
The exact behavior is to honor the result
context.doesGenerateCompleteURLs() except if there is a change of
transport mode between the request and the current setting of the
context. To me more precise if the request was insecure but the
context is secure (context.secureMode()) then WO will generate
complete URLs. The same is true in the other direction.
Pierre
--
Pierre Frisch
[EMAIL PROTECTED]
On Mar 28, 2008, at 6:11, Serge Cohen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pierre;
Thanks for the quick answer. Indeed these methods do not seem to be
in the javadoc for WebObjects 5.4.1
Using it I've made a quick-check and realised that indeed the
WOContext does realise properly if it is Secure or not. In other
words, if I log the result of aContext.isSecure (be it before or
after the super.appendToResponse call) it's properly set : It's set
to NO before the redirect, and YES after.
Then I realised that indeed this URL trouble is only present in URLS
that are a form's actions. The 'normal' hyperlinks (the one
generated by WOHyperlink or WOResourceURL) are properly generated
(that is, they are never including scheme and hotsname). Is it that
the form need also to be 'informed' that it should specifically ask
for secure transport (could not find any such indication in the
documentation)?
Thanks again for the initial answer, and I hope you'll be able to
help me now that I've made the question more precise.
Serge.
Le 27 mars 08 à 11:54, Mr. Pierre Frisch a écrit :
With WO 5.4.x WOContext has gained a few method to correctly manage
the secure transport.
/**
* Return true if the context is in secure mode.
*
* @return true if in secure mode
* @since 5.4
*/
public boolean secureMode()
/**
* Puts the context in secure mode.
*
* @param value
*/
public void setSecureMode(boolean value)
WOContext should also correctly manage the complete URLs. If the
secure mode is turned on and the request was not made on secure
transport then the URL will be complete.
Cheers
Pierre
--
Pierre Frisch
[EMAIL PROTECTED]
On Mar 27, 2008, at 2:26, Serge Cohen wrote:
Oups ... just realised that I send this mail to the "wrong" (not
totally) mailing list ... It's most likelly not a Wonder issue but
rather a WebObjects 5.4 one...
Someone has the same experience than I when using redirection to
change from http to https ?
Here is the message I've sent yesterday to the Project Wonder
list ...
In the application I'm currently working on, I sometimes have to
turn to HTTPS (decision made at runtime) using the following code
in Session.appendToResponse :
public void appendToResponse(WOResponse aResponse, WOContext
aContext) {
// Shall we ask for HTTPS or HTTP (or leave the transport as it is).
boolean tmpRequestIsSecure =
RequestAdditions.isSecure(aContext.request());
super.appendToResponse(aResponse, aContext);
if ((requireSecure && !tmpRequestIsSecure) || (requireNotSecure
&& tmpRequestIsSecure)) {
// We have to redirect towards the same page, but different schema
String schema = (requireSecure) ? "https" : "http";
String redirectToURL = schema + "://" +
RequestAdditions.hostName(aContext.request()) +
aContext.componentActionURL();
aResponse.setStatus(302);
aResponse.setHeader(redirectToURL, "Location");
NSLog.debug.appendln("Switching schema to : " + schema + ".
Redirecting to the URL '" + redirectToURL + "'.");
}
}
Till now I was developing using WebObjects 5.3.? (+ Wonder), and
this was all working nicely. In particular, whatever this redirect
would do the URL generated by WebObjects in the html sources would
be absolute but would NOT contain the schema and host name (in
other words they'd start like '/cgi-bin/WebObjects/
Incident.woa/....')
I have just upgraded to Leopard, and hence WebObjects 5.4.1 (+
Wonder).
Now the redirect still works (when enforcing 'https' usage), but
upon such a redirection all the URL generated in the page are now
'complete' URL, that is they contain the schema, the hostname and
then the rest (eg. 'http://foo.local/cgi-bin/WebObjects/Incident.woa/....')
. In particular, when turning to 'https' all the generated URLs
are now EXPLICITLY NON secured http ('http'). Still if there is no-
redirection the generated URLs are the same as before (like the
one generated by WO 5.3, non-complete URL, eg. '/cgi-bin/
WebObjects/Incident.woa/....').
I have tried to check the value of
aContext.doesGenerateCompleteURLs() (which in all cases is FALSE,
which to me means that all generated URL should be absolute path
without schema and hostname).
I realise that the former https bug of WebObjects 5.3 is now fixed
and it might be normal that my code is not working anymore, but I
could not find how I should change my code to conform to the new
WO version?
Any help or hint is very welcome !
Serge.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfs7owACgkQlz6UVQtc2uxJIgCgrtzEdZdor+DIXIY15Ve/Fo8w
DcUAn1e8KcB5EStS9QKdikYbCM3pp2bV
=7LPo
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
