-
1. Re: Defining an AbstractResource subclass as HTTPS secured
christian.bauer Jul 21, 2009 11:26 AM (in response to steffi.stephanie.stroka.salzburgresearch.at)HTTP vs. HTTPS is several layers above AbstractResource. You'd first have to set up your frontend webserver (Apache, Tomcat) to use SSL, then do whole lot more configuration outside of Seam to get it working, then consider things like redirects for HTTP to HTTPs on certain URIs, etc. The AbstractResource is the same, no matter what transport is being used. Just like a servlet is the same for both.
-
2. Re: Defining an AbstractResource subclass as HTTPS secured
steffi.stephanie.stroka.salzburgresearch.at Jul 21, 2009 11:55 AM (in response to steffi.stephanie.stroka.salzburgresearch.at)Thanks for your reply, Christian.
Could you be a little bit more precise on
...whole lot more configuration outside of Seam...and
...consider things like redirects for HTTP to HTTPs on certain URIs...I think I've configured JBoss (server.xml) to use SSL, but behind that I'm lost. I thought that I'll just need to define something like
<security-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
in web.xml. Is that correct? Where exactly do I have to put that? I need this resource on a secure layer, because I'd like to read X509 certificates, but besides that the application should run on HTTP without SSL.
Thanks again,
Stephanie -
3. Re: Defining an AbstractResource subclass as HTTPS secured
steffi.stephanie.stroka.salzburgresearch.at Jul 21, 2009 12:33 PM (in response to steffi.stephanie.stroka.salzburgresearch.at)Ok, I figured it out...
For those who have the same problem:
I added<web-app...> ... <security-constraint> <web-resource-collection> <web-resource-name>idp</web-resource-name> <url-pattern>/seam/resource/idp</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> ... </web-app>
to web.xml and now it rediretc to a HTTPS secured URL.