Add Comment (4)
It's missing some functionality ... how does it know which event has to be secured? It should secure only specific events, and force unsecured requests for the rest. something like if not isSsl and requireSll then cflocate to https if isSsl and not requireSll then cflocate to http
That is up to Ernst, but I think its a good start.
Rob you're right. We could implement that. Just make a list of allowed events without SSL as a property in interceptor xml definition and then check with event.getCurrentEvent() if we need SSL.
I will take a look and keep you informed.
Rob, I made in new blog entry. The SSL interceptor now supports SSL for specific events. Comments are welcome!