users@javaee-spec.java.net

[javaee-spec users] Re: Question related to https/secure connection

From: Christian Beikov <christian.beikov_at_gmail.com>
Date: Fri, 31 Aug 2012 12:07:53 +0200

That would be great if included in the new spec.
By the way it is also very limiting that only one http session per webapp
can be configured. Since someone could add a path to the cookie tracking
config, it would be nice if the http session that can be retieved via http
sevlet request depends on the current servlet path.

Also another nice feature would be a method to regenerate the session id.
Especially in highly secure apps, someone may want to regenerate it after a
login. Currently someone would have to reference the content and then apply
the content on a newly created session.

Regards,
Christian
Am 31.08.2012 10:19 schrieb "Antonio Goncalves" <antonio.goncalves_at_gmail.com
>:

> Unfortunatelly there is no standard ServletContainer API defined in
> Servlet 3.0. I've contacted the spec lead of 3.1 to see if such API could
> be possible, but still not answer :o(
>
> On Thu, Aug 30, 2012 at 9:22 PM, Christian Beikov <
> christian.beikov_at_gmail.com> wrote:
>
>> Hello!
>>
>> I posted a question on stackoverflow regarding the retrieval of the
>> secure/https port of the server my application is running on and got the
>> answer that he thinks that this would be included in EE7 somehow.
>>
>> Question on Stackoverflow<http://stackoverflow.com/questions/12165988/https-in-ee6-servlet-container>
>> :
>>
>> Is there a way to retrieve the https port of the EE6/Servlet Container in
>> a standard way? If not maybe a method to convert an URL in a standard way
>> to use https?
>>
>> I know I could use a security constraint in web.xml, but the behavior is
>> not configurable at runtime as far as I know.
>>
>> Maybe it is a bad idea to allow the user or admin to choose whether to
>> use https or not?
>>
>> Regards,
>> Christian
>>
>
>
>
> --
> Antonio Goncalves
> Software architect and Java Champion
>
> Web site <http://www.antoniogoncalves.org> | Twitter<http://twitter.com/agoncal>|
> LinkedIn <http://www.linkedin.com/in/agoncal> | Paris JUG<http://www.parisjug.org> |
> Devoxx France <http://www.devoxx.fr>
>