HTTP vs. HTTPS is several layers above AbstractResource. You'd first have to set up your frontend webserver (Apache, Tomcat) to use SSL, then do whole lot more configuration outside of Seam to get it working, then consider things like redirects for HTTP to HTTPs on certain URIs, etc. The AbstractResource is the same, no matter what transport is being used. Just like a servlet is the same for both.
Thanks for your reply, Christian.
Could you be a little bit more precise on
...whole lot more configuration outside of Seam...
...consider things like redirects for HTTP to HTTPs on certain URIs...
I think I've configured JBoss (server.xml) to use SSL, but behind that I'm lost. I thought that I'll just need to define something like
<security-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
in web.xml. Is that correct? Where exactly do I have to put that? I need this resource on a secure layer, because I'd like to read X509 certificates, but besides that the application should run on HTTP without SSL.
Ok, I figured it out...
For those who have the same problem:
<web-app...> ... <security-constraint> <web-resource-collection> <web-resource-name>idp</web-resource-name> <url-pattern>/seam/resource/idp</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> ... </web-app>
to web.xml and now it rediretc to a HTTPS secured URL.