On Mon, 19 Jun 2006 16:41:25 -0400, Lutz Hühnken <[EMAIL PROTECTED]> wrote:

> Why would you not want to use an external mechanism? Is it not rather
> a feature of the framework to be "SSL agnostic"? I think more often
> than not people would keep, for example, security and access right
> aspects out of the application and deal with it declaratively. Now
> you're looking for a way to move http/https switching into your
> application?

If it can be done in the page spec, and thus in an annotation, then you've captured the logic in exactly one place. Should a page really care that it should be rendered via HTTPS? Probably not. But, if I can annotate a class with something like:

@Scheme("https")

and then inherit that via some hierarchy, I've just made my life a heck of a lot easier.

Somewhere, it's going to need to be captured that the page must be rendered via HTTPS. If it's done within the page, then at least I know if I refactor, I haven't broken anything. Plus, I've saved myself the hassle of doing things outside of the framework.

> Well, anyway: with Apache httpd, what you try to achieve is often done
> by using mod_rewrite. For https-only pages, the protocol part can be
> rewritten to https if the page is accessed via http, and vice versa.
> If the URL rewrite filter ("http://tuckey.org/urlrewrite/") does what
> it aspires (to be a very powerful tool just like Apache's
> mod_rewrite), it should allow you to do the same in a more portable
> way.

I actually use mod_rewrite to do this currently. It's great for switching from HTTP to HTTPS. Going back is not so trivial. I've just abandoned the idea for now.

> Talking about apache: including external content on https sites via
> http can in many cases be done without triggering warnings, by making
> a directory on your https server a reverse proxy using mod_proxy.

That's interesting. I'll have to take a look into it. It may be useful for special corner cases, but not something I'd like to be doing in general.

--
Kevin
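
The mod_rewrite switching discussed in this thread, in both directions, as an added example that is not part of the original message. The host name, the `/account/` and `/static/` prefixes and the certificate paths are placeholders.

```apache
# Added example. www.example.com, /account/, /static/ and the
# certificate paths are placeholders, not values from the thread.

# Plain-http virtual host: push the https-only area to https.
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On
    # In virtual-host context the pattern is matched against the full
    # URL path, including the leading slash. The query string is
    # carried over to the redirect target automatically.
    RewriteRule ^/account/(.*)$ https://www.example.com/account/$1 [R=302,L]
</VirtualHost>

# https virtual host: send everything outside the https-only area
# back to http.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    RewriteEngine On
    # Leave the https-only area alone, otherwise the two hosts
    # redirect to each other forever.
    RewriteCond %{REQUEST_URI} !^/account/
    # Leave shared assets alone as well: pages under /account/ load
    # them over https, and redirecting them to http would make the
    # browser report mixed content.
    RewriteCond %{REQUEST_URI} !^/static/
    RewriteRule ^/(.*)$ http://www.example.com/$1 [R=302,L]
</VirtualHost>
```

The redirect targets use the fixed server name rather than the request's Host header, so a forged Host value cannot steer the redirect. On the way back from https to http, any cookie set without the Secure attribute is sent in clear text with the http request.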
