EJB 3.0 - JSF secure transport mechanism
I have been working on a simple JSF secure transport mechanism, configured with HTTPS constraints (transport guarantee set to CONFIDENTIAL) in web.xml. Now I want to select a particular page for secure transport. I have a login page that takes me to another page. The login page takes a user name and password, which should be transported over the secure layer; an EJB verifies authenticity before the requested page is displayed. Now, when I use the URL pattern /faces/pagetoview.xhtml for the requested page in web.xml, I get behaviour I don't understand. First, when I log in, pagetoview.xhtml displays without HTTPS; when I click to go to pagetoview2.xhtml, pagetoview.xhtml first redisplays over HTTPS. After that, all the other pages I navigate to display over HTTPS, though I had not configured them for secure transport. I need to know the right way to configure secure transport behaviour for a particular page. Thanks in advance.
The way it seems to work is that once you go to HTTPS, and you are going to on the login page, you stay on HTTPS. That seemed to me a big overhead for an application with limited security requirements, but on looking around, the consensus is that the big risk is session hijacking. If you had two secure pages, login and shopping, and the other pages didn't use SSL, they would be sending the session cookie over the air/wire in the clear, and the cookie could be sniffed.
I think if you have an Apache web server fronting the application server you have a lot more options, such as using HTTPS between the client browser and Apache for all pages, and HTTP between Apache and the app server. I'm sure you can, but I'm no expert and haven't tried it.
When looking at this some time ago I came across a filter written by one of the GlassFish team that is supposed to downshift from HTTPS to HTTP. My recollection is that, having downshifted, it stopped working when used in conjunction with container security.
With a few tweaks to adapt it to your environment it may be usable; in my example main.xhtml is the welcome-file in web.xml, the idea being that the page loaded on successful login is the earliest point at which to downshift from HTTPS to HTTP. You'd need to uncomment the @WebFilter annotation, use your own logging in place of log.log(), and check the URL/path names.
Before spending time on this, please remember that it never worked for me; the recommendation is to take the hit and use HTTPS all the time.
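package uk.co.sportquest.jsfbeans.helper;

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 1997-2008 Sun Microsystems, Inc. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU General
 * Public License Version 2 ("GPL") or the Common Development and
 * Distribution License ("CDDL") (collectively, the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy of
 * the License at https://glassfish.dev.java.net/public/CDDL+GPL.html or
 * glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
 * Sun designates this particular file as subject to the "Classpath" exception
 * as provided by Sun in the GPL Version 2 section of the License file that
 * accompanied this code. If applicable, add the following below the License
 * Header, with the fields enclosed by brackets [] replaced by your own
 * identifying information: "Portions Copyrighted [year] [name of copyright
 * owner]"
 *
 * Contributor(s):
 *
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor] elects
 * to include this software in this distribution under the [CDDL or GPL Version 2]
 * license." If you don't indicate a single choice of license, a recipient has
 * the option to distribute your version of this file under either the CDDL,
 * the GPL Version 2 or to extend the choice of license to its licensees as
 * provided above. However, if you add GPL Version 2 code and therefore, elected
 * the GPL Version 2 license, then the option applies only if the new code is
 * made subject to such option by the copyright holder.
 */

import java.io.*;
import java.util.*;
import java.security.*;
import java.util.logging.Logger;
import javax.faces.context.FacesContext;
import javax.security.jacc.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;
import uk.co.sportquest.general.Log;

/**
 * Filter that downshifts HTTPS to HTTP if the given request came in on
 * HTTPS but the target resource does not require confidentiality
 * protection.
 *
 * <p>The decision is delegated to the container's JACC policy: a
 * {@link WebUserDataPermission} built from the request URI and HTTP method
 * only (no transport-type qualifier) is implied by the policy exactly when
 * the resource may be served over any transport, i.e. when no CONFIDENTIAL
 * constraint covers it.
 *
 * <p>Redirecting a logged-in user back to plain HTTP means the session
 * cookie is sent in the clear on every subsequent request (or, if the
 * cookie was issued with the {@code Secure} flag, the session is no longer
 * visible at all). Keep that trade-off in mind before enabling the filter.
 *
 * <p>The port used for the HTTP redirect defaults to {@value #DEFAULT_HTTP_PORT}
 * and can be overridden with the {@value #HTTP_PORT_PARAM} init-param.
 *
 * @author jluehe
 * @author monzillo
 */
//@WebFilter(filterName = "cacheFilterStatic", urlPatterns = {"/faces/secure/main.xhtml"},
//        dispatcherTypes = {DispatcherType.FORWARD, DispatcherType.ERROR, DispatcherType.REQUEST, DispatcherType.INCLUDE})
public class MyFilter implements Filter {

    /** Name of the optional init-param that overrides the plain-HTTP port. */
    private static final String HTTP_PORT_PARAM = "httpPort";

    /** Port used in the redirect URL when no init-param is configured. */
    private static final String DEFAULT_HTTP_PORT = "8080";

    // A ProtectionDomain with no code source and no principals: the JACC
    // WebUserDataPermission check is about the resource/transport only, not
    // about who is asking.
    private static final CodeSource CS = new CodeSource(null, (java.security.cert.Certificate[]) null);
    private static final ProtectionDomain PD = new ProtectionDomain(CS, null, null, null);

    // Installed JACC policy, resolved once at class load time.
    private static final Policy POLICY = Policy.getPolicy();

    // Written once in init(), read on every request; volatile so that the
    // container thread that serves the first request sees the configured value.
    private volatile String httpPort = DEFAULT_HTTP_PORT;

    /**
     * Reads the optional {@value #HTTP_PORT_PARAM} init-param.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException if the configured port is not a number in
     *         the range 1-65535
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter(HTTP_PORT_PARAM);
        if (configured == null || configured.trim().length() == 0) {
            return; // keep DEFAULT_HTTP_PORT
        }
        String candidate = configured.trim();
        int port;
        try {
            port = Integer.parseInt(candidate);
        } catch (NumberFormatException e) {
            throw new ServletException(
                    "init-param " + HTTP_PORT_PARAM + " is not a number: " + candidate, e);
        }
        if (port < 1 || port > 65535) {
            throw new ServletException(
                    "init-param " + HTTP_PORT_PARAM + " out of range: " + candidate);
        }
        httpPort = candidate;
    }

    /**
     * Redirects HTTPS requests for resources that do not require
     * confidentiality to the same URI over plain HTTP; otherwise lets the
     * request through unchanged.
     *
     * @param req         incoming request
     * @param res         outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException      if the redirect or downstream processing fails
     * @throws ServletException if downstream processing fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
            throws IOException, ServletException {
        // Nothing to downshift on plain HTTP; a non-HTTP request cannot be
        // redirected either, so it is passed through rather than cast blindly.
        if (!req.isSecure() || !(req instanceof HttpServletRequest)) {
            Log.log("even more normal");
            filterChain.doFilter(req, res);
            return;
        }

        HttpServletRequest httpReq = (HttpServletRequest) req;
        if (isTransportProtected(httpReq)) {
            // Resource requires confidentiality: perform normal request processing.
            Log.log("normal");
            filterChain.doFilter(req, res);
            return;
        }

        // Downshift HTTPS to HTTP by redirecting to the target resource using HTTP.
        String redirectUrl = buildHttpUrl(httpReq);
        Log.log("url: " + redirectUrl);
        ((HttpServletResponse) res).sendRedirect(redirectUrl);
    }

    /**
     * Asks the JACC policy whether the resource addressed by {@code httpReq}
     * requires a protected transport.
     *
     * @param httpReq the (HTTPS) request being filtered
     * @return {@code true} if the resource must not be served over plain HTTP
     */
    private static boolean isTransportProtected(HttpServletRequest httpReq) {
        // The permission derived from the request carries the transport type the
        // request actually used (confidential, since it came in over HTTPS).
        // Rebuilding it from name + method only drops that qualifier, so the
        // question becomes "may this resource be reached over ANY transport?".
        Permission p = new WebUserDataPermission(httpReq);
        p = new WebUserDataPermission(p.getName(), httpReq.getMethod());
        return !POLICY.implies(PD, p);
    }

    /**
     * Builds the plain-HTTP URL for the same host, URI and query string.
     *
     * @param httpReq the request being redirected
     * @return absolute {@code http://} URL on the configured HTTP port
     */
    private String buildHttpUrl(HttpServletRequest httpReq) {
        // NOTE(review): getServerName() is ultimately derived from the Host
        // header unless the container fixes the virtual host name; when that is
        // not the case, consider redirecting to a configured host name instead
        // so the redirect target cannot be influenced by the client.
        StringBuilder url = new StringBuilder("http://")
                .append(httpReq.getServerName())
                .append(':')
                .append(httpPort)
                .append(httpReq.getRequestURI());
        String queryString = httpReq.getQueryString();
        if (queryString != null) {
            url.append('?').append(queryString);
        }
        return url.toString();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // no resources held
    }
}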