It's missing some functionality ... how does it know which event has to be secured? It should secure only specific events, and force unsecured requests for the rest. something like
if not isSsl and requireSll then cflocate to https
if isSsl and not requireSll then cflocate to http
Rob you're right. We could implement that. Just make a list of allowed events without SSL as a property in interceptor xml definition and then check with event.getCurrentEvent() if we need SSL.
Rob Gonda
It's missing some functionality ... how does it know which event has to be secured? It should secure only specific events, and force unsecured requests for the rest. something like if not isSsl and requireSll then cflocate to https if isSsl and not requireSll then cflocate to http
Luis Majano
That is up to Ernst, but I think its a good start.
Ernst van der Linden
Rob you're right. We could implement that. Just make a list of allowed events without SSL as a property in interceptor xml definition and then check with event.getCurrentEvent() if we need SSL.
I will take a look and keep you informed.
Ernst van der Linden
Rob, I made in new blog entry. The SSL interceptor now supports SSL for specific events. Comments are welcome!