Win a copy of Escape Velocity: Better Metrics for Agile Teams this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Frank Carver
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • fred rosenberger

Using https: for security

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am developing an application where I want the users to have some protection from the Internet and snooping. I want to force all users to use https:// rather than just http:// so that encryption is used. When a user logs in, I would like to redirect them to an https:// session if needed. JSF seems to take a relative .jsp for the <to-view-id> value. I thought about just setting up a .jsp that would issue a jsp-forward, or an http refresh, but that would require me to hard code the full server url, whereas I would like the page to be relative to my server and only need to change the protocol, so that I can move the .ear file to my test server and production server without having to modify the code. How would I implement a redirection to https:// when the user logs in successfully?
 
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The following code



Works well for setting the base path relative to the server and application path. So you could just substitute request.getScheme() with https in some sort of redirect code, probably a forward on detecting http request.

There are also security constraints you can setup on the web.xml file to ensure http allways and have the container check for it rather than each individual jsf.

For example http://ebxmlrr.sourceforge.net/3.0/UsingHTTPS.html

along the lines of "Requiring Access to the Server to be Secure".
[ April 22, 2006: Message edited by: Gerardo Tasistro ]
 
Bill Dornbush
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a working way to transfer someone to https:

In my program login.jsp, I added a hyperlink "Go to Secure Login". This link is rendered only if the protocol is not secure. I detect this through a method in the backing bean:

public boolean getSecure() {
HttpServletRequest request = (HttpServletRequest)facesContext.getExternalContext().getRequest();
return request.isSecure();
}

The URL of the link is determined in another method in the backing bean:

public String getHttps() {
String httpsPort = Props.getProps().getStringProperty("httpsPort");
HttpServletRequest request = (HttpServletRequest)facesContext.getExternalContext().getRequest();
String newpath = "https://"
+ request.getServerName()
+ httpsPort
+ request.getContextPath()
+ "/index.jsp";
return newpath;
}

The method Props.getProps().getStringProperty("httpsPort") gets the port number with a leading : from my properties file. This allows me to migrate the application to a server where https: is configured to a different port.

index.jsp is the page (not jsf) that is coded in web.xml as the welcome page. It contains: <jsp:forward page="faces/login.jsp"></jsp:forward>

I don't understand why, but if I link to the login.jsp page with the https: protocol, I get an error message "Cannot find FacesContext."
 
This looks like a job for .... legal tender! It says so right in this tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic