|

»

Web Development Framework

»

»

[JIRA] Commented: (STS-239) SSL support for Link, Url and Form Tag

View: New views

4 Messages — Rating Filter: Alert me

	[JIRA] Commented: (STS-239) SSL support for Link, Url and Form Tag by JIRA jira@stripesframework.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message [ http://www.stripesframework.org/jira/browse/STS-239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11444#action_11444 ] Iwao AVE! commented on STS-239: ------------------------------- Christian, I needed this feature recently and your patch saved me. Many thanks! A few comments: - I think you forgot to add RuntimeConfiguration.java to the v5 archive. - The name of the annotation @Secure might be too common, I renamed it to @Ssl locally. - An action bean that handles ajax requests should not change the protocol to satisfy 'same origin policy'. I have added a parameter 'RewritePolicy' to the annotation. There are three possible values for the parameter: (1) SECURE : Always use https. Default. (2) UNSECURE : Never use https; i.e. always use http. Same behavior as if the annotation were not present. (3) NO_REWRITE : Leave the protocol as it is (just use relative path). > SSL support for Link, Url and Form Tag > -------------------------------------- > > Key: STS-239 > URL: http://www.stripesframework.org/jira/browse/STS-239 > Project: Stripes > Issue Type: New Feature > Components: Tag Library > Affects Versions: Release 1.4, Release 1.5 > Reporter: Christian Schwanke > Fix For: Release 1.6 > > Attachments: Stripes-SSL-v3.zip, Stripes-SSL-v4.zip, Stripes-SSL-v5.zip, Stripes-SSL.zip, Stripes-SSL.zip > > > As a Struts user that learned about Stripes just a few days ago, I really missed something like the SSL-Extension for Struts. > In essence, it is now possible to mark an ActionBean as secure using a new annotation @Secure. > The Stripes tags used for urls, links and forms will check the security state of the destination ActionBean and automatically rewrite the target URL accordingly. > The configuration of the SSL settings (host, port) is done using init-parameters on the StripesFilter. > I have attached a ZIP file containing the modified/added java sources and the modified TLD file. > The sources also contain a second modification: I've also added a new attribute to the link and url tag called excludeSpecialParams. If this attribute is set to true, Stripes specific parameters (i.e. the source page parameter) is omitted from the final URL. However, keep in mind that removing those parameters can break your application. > My modifications are based on the 1.4 Beta 1 sources. A detailed explanation on what I have changed is included within the attached ZIP file. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://www.stripesframework.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Stripes-development mailing list Stripes-development@... https://lists.sourceforge.net/lists/listinfo/stripes-development
	Re: [JIRA] Commented: (STS-239) SSL support for Link, Url and Form Tag by Alan Burlison :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Iwao AVE! (JIRA) wrote: > (2) UNSECURE : Never use https; i.e. always use http. Same behavior as if the annotation were not present. Should be "INSECURE" not "UNSECURE" -- Alan Burlison -- ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Stripes-development mailing list Stripes-development@... https://lists.sourceforge.net/lists/listinfo/stripes-development
	Re: [JIRA] Commented: (STS-239) SSL support for Link, Url and Form Tag by Iwao AVE! :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Alan, Thanks for pointing it out. I was aware of that my dictionary does not have the word. Actually, the word 'unsecure' was used in Christian's original patch and I thought consistency should come first. I also did some google search and found that there are many arguments about the validity (?) of the word 'unsecure'. As I don't have a right to join that argument (I'm not native English speaker), please discuss it with Christian ;) Regards, Iwao on 08.7.4 11:43 PM Alan Burlison said the following: > Iwao AVE! (JIRA) wrote: > >> (2) UNSECURE : Never use https; i.e. always use http. Same behavior as if the annotation were not present. > > Should be "INSECURE" not "UNSECURE" ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Stripes-development mailing list Stripes-development@... https://lists.sourceforge.net/lists/listinfo/stripes-development
	Re: [JIRA] Commented: (STS-239) SSL support for Link, Url and Form Tag by Alan Burlison :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Iwao AVE! wrote: > Thanks for pointing it out. > I was aware of that my dictionary does not have the word. > Actually, the word 'unsecure' was used in Christian's original patch > and I thought consistency should come first. > > I also did some google search and found that there are many > arguments about the validity (?) of the word 'unsecure'. > As I don't have a right to join that argument (I'm not native > English speaker), please discuss it with Christian ;) They mean more or less the same thing, but "insecure" is the far more common usage. If you use "unsecure" people will keep mistyping "insecure" instead. Leaving aside the linguistic niceties ;-) , we should just go for the more common usage. -- Alan Burlison -- ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Stripes-development mailing list Stripes-development@... https://lists.sourceforge.net/lists/listinfo/stripes-development

LightInTheBox - Buy quality products at wholesale price