Hello Simon Thanks for much for this example. I got it going from non-secure to secure but when I try to go from secure to non-secure, the redirected page ends up with a URL like this:
http://hostname:443/... (notice the port 443 with the http protocol). If I remember correctly, this was a problem way back when but a search of google didn't turn up any thing helpful except for an old posting from 2004 by Chuck Hill stating something about needed to subclass WOContext to override the method for building the URL. Any pointers from anyone would be appreciated. -j On Aug 20, 2010, at 5:23 AM, Simon wrote: > here's how we do it.... > > @Override > public void appendToResponse(WOResponse response, WOContext context) { > > boolean enableSsl = > "true".equals(System.getProperty("enableSSL")); > boolean secure = ((ERXRequest) context.request()).isSecure(); > boolean pageShouldBeSecure = enableSsl ? > CTSecurityPolicy.policy().getSslPages() > .contains(context.page().name()) : false; > > if ((secure && !pageShouldBeSecure) || (!secure && > pageShouldBeSecure)) { > // Switch the SSL mode. > ERXRedirect pg = (ERXRedirect) > pageWithName(ERXRedirect.class.getName()); > pg.setComponentToPage(); > pg.setSecure(enableSsl ? !secure : false); > pg.appendToResponse(response, context); > > } else { > super.appendToResponse(response, context); > } > > } > > simon > > > On 19 August 2010 22:31, Jerald Dawson <[email protected]> wrote: > Hello you WONDERful people (wonder, get it? oh never mind) > > I have an old site that I've been maintaining for about 7 years. I have a > framework that I wrote years ago, part of which includes a subclass of > WOComponent that allows you to indicate whether or not a page should be > served up via https (the isSecure method returns true). Anyway, I've added a > bunch of functionality to the site, thanks to project wonder, but I'm having > issues with session management. I've traced it back to the funkiness that I > do with the request/response in my WOComponent subclass. Since alot of what > my framework does, wonder already provides, I want to just get ride of my old > framework. The only thing I'm not sure about is does wonder provide any > easy(er?) way to indicate whether a page should be served up securely. Is the > only way to do it really to use a WORedirect or am I missing something? I'll > really miss just returning true from isSecure(). > > Thanks in advance. > > Jerald Dawson _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > http://lists.apple.com/mailman/options/webobjects-dev/simon%40potwells.co.uk > > This email sent to [email protected] >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
