Built with Seam
You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.
| Online: | 29 Members of 4187 |
| Forum: Seam Users |
 |
13. Aug 2008, 18:32 CET | Link |
Some of the data that my application submits through Seam Remoting is sensitive and needs to be sent over SSL. Most of the other interaction does not have that requirement. I have the following questions for the people on this forum:
- What is the best way to force some of the seam remoting calls on my page to go through HTTPS while others stay on vanilla HTTP? The containing page will be HTTP.
And on the server side:
- Should I configure my JBoss 4.2.2 with an HTTPS connector? Will my session info from the HTTP session be seamlessly carried over into the HTTPS calls?
- Or should I setup Apache with SSL and a mod jk talking to Tomcat within JBoss?
I understand that the server configuration questions are off-topic for this forum, but I am sure a response will be useful to a lot of people.
Any insights will be greatly appreciated.
Thanks.
-Raj
Any takers?
For the server side I recommend going the Apache/mod_jk route, in my opinion it's easier to configure.
Client side, you're possibly going to have to hack remote.js to get the kind of functionality that you're describing. What may work as a bandaid solution is setting the value of Seam.Remoting.resourcePath before each request. Say for example the default is this:
When sending a secure request, you would have to override it temporarily:
var oldPath = Seam.Remoting.resourcePath; try { Seam.Remoting.resourcePath = "https://myhost.com:443/myapp/seam/resource/remoting"; // execute remoting call here } finally { Seam.Remoting.resourcePath = oldPath; }This is not the most elegant solution, but at least it's a starting point.
Shane thanks for the tip. It turns out, however, that XmlHttpRequest sandboxig rules will not allow this to happen. I am forced to do this in a separate page or iframe.
-Raj