users@javaee-spec.java.net

[javaee-spec users] Re: Question related to https/secure connection

From: Christian Beikov <christian.beikov_at_gmail.com>
Date: Fri, 31 Aug 2012 18:39:14 +0200

Thanks for the tip, I just thought that the spec leads would be on the
ee-spec mailing lists too.
Anyway, if somebody is interested, here you can track the further
conversation:
http://java.net/projects/servlet-spec/lists/users/archive/2012-08/message/7

Regards,
Christian

Am 31.08.2012 13:47, schrieb Antonio Goncalves:
> I would suggest you contact the JSR 340 Expert Members
> (http://java.net/projects/servlet-spec/lists/jsr340-experts/archive).
> Hopefully if people start asking for a standard WebContainer API... it
> might happen one day
>
> On Fri, Aug 31, 2012 at 12:07 PM, Christian Beikov
> <christian.beikov_at_gmail.com <mailto:christian.beikov_at_gmail.com>> wrote:
>
> That would be great if included in the new spec.
> By the way it is also very limiting that only one http session per
> webapp can be configured. Since someone could add a path to the
> cookie tracking config, it would be nice if the http session that
> can be retieved via http sevlet request depends on the current
> servlet path.
>
> Also another nice feature would be a method to regenerate the
> session id. Especially in highly secure apps, someone may want to
> regenerate it after a login. Currently someone would have to
> reference the content and then apply the content on a newly
> created session.
>
> Regards,
> Christian
>
> Am 31.08.2012 10 <tel:31.08.2012%2010>:19 schrieb "Antonio
> Goncalves" <antonio.goncalves_at_gmail.com
> <mailto:antonio.goncalves_at_gmail.com>>:
>
> Unfortunatelly there is no standard ServletContainer API
> defined in Servlet 3.0. I've contacted the spec lead of 3.1 to
> see if such API could be possible, but still not answer :o(
>
> On Thu, Aug 30, 2012 at 9:22 PM, Christian Beikov
> <christian.beikov_at_gmail.com
> <mailto:christian.beikov_at_gmail.com>> wrote:
>
> Hello!
>
> I posted a question on stackoverflow regarding the
> retrieval of the secure/https port of the server my
> application is running on and got the answer that he
> thinks that this would be included in EE7 somehow.
>
> Question on Stackoverflow
> <http://stackoverflow.com/questions/12165988/https-in-ee6-servlet-container>:
>
> Is there a way to retrieve the https port of the
> EE6/Servlet Container in a standard way? If not maybe a
> method to convert an URL in a standard way to use https?
>
> I know I could use a security constraint in web.xml, but
> the behavior is not configurable at runtime as far as I know.
>
> Maybe it is a bad idea to allow the user or admin to
> choose whether to use https or not?
>
>
> Regards,
> Christian
>
>
>
>
> --
> Antonio Goncalves
> Software architect and Java Champion
>
> Web site <http://www.antoniogoncalves.org> | Twitter
> <http://twitter.com/agoncal> | LinkedIn
> <http://www.linkedin.com/in/agoncal> | Paris JUG
> <http://www.parisjug.org> | Devoxx France <http://www.devoxx.fr>
>
>
>
>
> --
> Antonio Goncalves
> Software architect and Java Champion
>
> Web site <http://www.antoniogoncalves.org> | Twitter
> <http://twitter.com/agoncal> | LinkedIn
> <http://www.linkedin.com/in/agoncal> | Paris JUG
> <http://www.parisjug.org> | Devoxx France <http://www.devoxx.fr>