3 Replies Latest reply on Sep 5, 2008 10:52 PM by rituraj_tiwari

    Seam Remoting: How to do HTTPS on some calls

    rituraj_tiwari

      Some of the data that my application submits through Seam Remoting is sensitive and needs to be sent over SSL. Most of the other interaction does not have that requirement. I have the following questions for the people on this forum:



      • What is the best way to force some of the seam remoting calls on my page to go through HTTPS while others stay on vanilla HTTP? The containing page will be HTTP.



      And on the server side:



      • Should I configure my JBoss 4.2.2 with an HTTPS connector? Will my session info from the HTTP session be seamlessly carried over into the HTTPS calls?

      • Or should I setup Apache with SSL and a mod jk talking to Tomcat within JBoss?



      I understand that the server configuration questions are off-topic for this forum, but I am sure a response will be useful to a lot of people.


      Any insights will be greatly appreciated.


      Thanks.


      -Raj

        • 1. Re: Seam Remoting: How to do HTTPS on some calls
          rituraj_tiwari

          Any takers?

          • 2. Re: Seam Remoting: How to do HTTPS on some calls
            shane.bryzak

            For the server side I recommend going the Apache/mod_jk route, in my opinion it's easier to configure. 


            Client side, you're possibly going to have to hack remote.js to get the kind of functionality that you're describing.  What may work as a bandaid solution is setting the value of Seam.Remoting.resourcePath before each request.  Say for example the default is this:


            Seam.Remoting.resourcePath = "/myapp/seam/resource/remoting";



            When sending a secure request, you would have to override it temporarily:


            var oldPath = Seam.Remoting.resourcePath;
            try {
              Seam.Remoting.resourcePath = "https://myhost.com:443/myapp/seam/resource/remoting";
              // execute remoting call here
            } finally {
              Seam.Remoting.resourcePath = oldPath;
            }
            



            This is not the most elegant solution, but at least it's a starting point.


            • 3. Re: Seam Remoting: How to do HTTPS on some calls
              rituraj_tiwari

              Shane thanks for the tip. It turns out, however, that XmlHttpRequest sandboxig rules will not allow this to happen. I am forced to do this in a separate page or iframe.


              -Raj