users@javaee-spec.java.net

[javaee-spec users] Re: Question related to https/secure connection

From: Antonio Goncalves <antonio.goncalves_at_gmail.com>
Date: Fri, 31 Aug 2012 13:47:33 +0200

I would suggest you contact the JSR 340 Expert Members (
http://java.net/projects/servlet-spec/lists/jsr340-experts/archive).
Hopefully if people start asking for a standard WebContainer API... it
might happen one day

On Fri, Aug 31, 2012 at 12:07 PM, Christian Beikov <
christian.beikov_at_gmail.com> wrote:

> That would be great if included in the new spec.
> By the way it is also very limiting that only one http session per webapp
> can be configured. Since someone could add a path to the cookie tracking
> config, it would be nice if the http session that can be retieved via http
> sevlet request depends on the current servlet path.
>
> Also another nice feature would be a method to regenerate the session id.
> Especially in highly secure apps, someone may want to regenerate it after a
> login. Currently someone would have to reference the content and then apply
> the content on a newly created session.
>
> Regards,
> Christian
> Am 31.08.2012 10:19 schrieb "Antonio Goncalves" <
> antonio.goncalves_at_gmail.com>:
>
> Unfortunatelly there is no standard ServletContainer API defined in
>> Servlet 3.0. I've contacted the spec lead of 3.1 to see if such API could
>> be possible, but still not answer :o(
>>
>> On Thu, Aug 30, 2012 at 9:22 PM, Christian Beikov <
>> christian.beikov_at_gmail.com> wrote:
>>
>>> Hello!
>>>
>>> I posted a question on stackoverflow regarding the retrieval of the
>>> secure/https port of the server my application is running on and got the
>>> answer that he thinks that this would be included in EE7 somehow.
>>>
>>> Question on Stackoverflow<http://stackoverflow.com/questions/12165988/https-in-ee6-servlet-container>
>>> :
>>>
>>> Is there a way to retrieve the https port of the EE6/Servlet Container
>>> in a standard way? If not maybe a method to convert an URL in a standard
>>> way to use https?
>>>
>>> I know I could use a security constraint in web.xml, but the behavior is
>>> not configurable at runtime as far as I know.
>>>
>>> Maybe it is a bad idea to allow the user or admin to choose whether to
>>> use https or not?
>>>
>>> Regards,
>>> Christian
>>>
>>
>>
>>
>> --
>> Antonio Goncalves
>> Software architect and Java Champion
>>
>> Web site <http://www.antoniogoncalves.org> | Twitter<http://twitter.com/agoncal>|
>> LinkedIn <http://www.linkedin.com/in/agoncal> | Paris JUG<http://www.parisjug.org> |
>> Devoxx France <http://www.devoxx.fr>
>>
>


-- 
Antonio Goncalves
Software architect and Java Champion
Web site <http://www.antoniogoncalves.org> |
Twitter<http://twitter.com/agoncal>|
LinkedIn <http://www.linkedin.com/in/agoncal> | Paris
JUG<http://www.parisjug.org> |
Devoxx France <http://www.devoxx.fr>