dev@jsr311.java.net

Re: JSR311: SecurityContext.ensureSecure() ?

From: Bill Burke <bburke_at_redhat.com>
Date: Tue, 08 Apr 2008 08:26:58 -0400

I don't think we need it. Underlying implementation should be able to
handle this, no?

Stephan Koops wrote:
> Hi,
>
> to avoid code like the following
>
> @GET
> public Object getSecureData(@Context SecurityContext securityContext,
>                             @Context UriInfo uriInfo) {
>     if (!securityContext.isSecure()) {
>         ResponseBuilder rb = Response.status(Status.MOVED_PERMANENTLY);
>         rb.entity("You must use a secure connection");
>         rb.location(uriInfo.getRequestUriBuilder().scheme("https").build());
>         throw new WebApplicationException(rb.build());
>     }
>     // deliver secure data
> }
>
> what about a method SecurityContext.ensureSecure() that throws a
> WebApplicationException with a redirect to https, if the call was insecure?
> This will result in better readable code. Another possibility is to use
> an annotation for this. But this is only useful if we also define the
> use of @RolesAllowed.
>
> @GET
> public Object getSecureData(@Context SecurityContext securityContext,
>                             @Context UriInfo uriInfo) {
>     securityContext.ensureSecure();
>     // deliver secure data
> }
>
> The runtime environment must know at set-up time, what the base uri for
> corresponding http requests is. If no secure base uri was given, or
> https is otherwise not supported, this method could e.g. reject the
> request with status 500 and log a message.
>
> best regards
> Stephan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_jsr311.dev.java.net
> For additional commands, e-mail: dev-help_at_jsr311.dev.java.net
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
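The helper Stephan proposes can be written today on top of the JAX-RS 1.x API that this thread is discussing, which is roughly Bill's point. The following is an added example, not code from the JSR 311 specification, from either poster, or from any JAX-RS implementation. The class name `Https`, the method `ensureSecure`, the `securePort` parameter and the `SecretResource` class are all this example's own choices. It goes one step beyond the snippet in the thread: it only redirects safe methods (GET/HEAD) and refuses other methods with 403, and it lets the caller supply the https port, since Stephan notes the runtime needs to know the secure base URI and `UriBuilder.scheme("https")` alone keeps the original port.

```java
import java.net.URI;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;

/**
 * Added example (not part of JSR 311 or the thread above): a static stand-in for
 * the proposed SecurityContext.ensureSecure(), built only from JAX-RS 1.x types.
 */
public final class Https {

    /** Pass this as securePort to keep whatever port the request URI already has. */
    public static final int KEEP_PORT = 0;

    private Https() {}

    /**
     * Returns normally if the request arrived over a secure channel; otherwise
     * throws a WebApplicationException so the resource method never runs.
     *
     * GET and HEAD get a 301 to the same URI with the https scheme (and, if
     * securePort > 0, that port), so a browser silently retries securely.
     * Any other method is refused with 403: its body has already crossed the
     * wire in clear, and a 301 would either drop the body or replay it over
     * https. Treating non-safe methods this way is this example's design choice.
     */
    public static void ensureSecure(SecurityContext sc, UriInfo ui, Request req,
                                    int securePort) {
        if (sc.isSecure()) {
            return;
        }
        String method = req.getMethod();
        if ("GET".equals(method) || "HEAD".equals(method)) {
            UriBuilder b = ui.getRequestUriBuilder().scheme("https");
            if (securePort > 0) {
                b.port(securePort);          // e.g. 8443 when http listens on 8080
            }
            URI target = b.build();
            throw new WebApplicationException(
                    Response.status(Status.MOVED_PERMANENTLY)
                            .location(target)
                            .entity("You must use a secure connection")
                            .build());
        }
        throw new WebApplicationException(
                Response.status(Status.FORBIDDEN)
                        .entity("This operation is only accepted over https")
                        .build());
    }
}

/** Hypothetical resource showing the call site; mirrors the shape used in the thread. */
@Path("/secret")
class SecretResource {

    // Assumed deployment: plain http on 8080, https on 8443.
    private static final int HTTPS_PORT = 8443;

    @GET
    public String getSecureData(@Context SecurityContext securityContext,
                                @Context UriInfo uriInfo,
                                @Context Request request) {
        Https.ensureSecure(securityContext, uriInfo, request, HTTPS_PORT);
        // deliver secure data
        return "secret data";
    }
}
```

One caveat a practitioner should keep in mind with either this helper or a spec-level `ensureSecure()`: `SecurityContext.isSecure()` reports what the servlet container itself saw. Behind a TLS-terminating load balancer or reverse proxy the container receives plain HTTP, so `isSecure()` is false for every request unless the container is configured to trust the proxy's forwarded-protocol information; without that configuration this check would redirect clients in a loop.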