jakarta-cactus-user mailing list archives

From "Koegel, Michael" <Michael.Koe...@partner.commerzbank.com>
Subject AW: HTTPS
Date Mon, 02 Sep 2002 08:46:47 GMT
Hi Vincent,

my use case is indeed to verify that the container is set up correctly.
I am trying to write an installation verification program for our base
configuration.

Another use case would be the test of form based login, as some containers
allow this only through secure connections.

Checking that session handling based on ssl-id works correctly would be a
third.

On the other hand, existing Cactus tests will fail if a container is set up
to only allow https connections. In that case the setup is not transparent
to the application (Webapp containing cactus tests) because the application
doesn't work.

Your point about additional requirements on the client side is true, but
only to the extent that most JDKs already meet the requirements and you have
to cope with this anyway if you want to run a secure environment. If you
don't, those requirements don't bother you.

As most of our current problems are based on errors in the container
implementation, it is a good thing to be able to test those container
specific behaviors.

--MK



-----Original Message-----
From: Vincent Massol [mailto:vmassol@octo.com]
Sent: Saturday, 31 August 2002 20:37
To: 'Cactus Users List'
Subject: RE: HTTPS

Hi Michael,

Yes, it is a possibility. Actually it shouldn't be too hard to support.
I'm less sure about the benefits. My reasons are:

- HTTPS is supposed to be completely transparent from the point of view
of the application which shouldn't care if HTTP or HTTPS was used. HTTP
is more a deployment choice I think. BTW, I don't recall any API in the
Servlet spec related to HTTPS (and I don't think it should).

- Using HTTPS would require additional jars to be put on the client side
classpath. It would also require additional setup on the server side
(certificates, config, etc) to support it.

- The only thing it would buy us would be to ensure that HTTPS is set up
correctly in the application configuration (as opposed to the code). ATM
Cactus is mostly concerned to test the code - although it also tests its
interaction with the container. HTTPS would purely test container set up
and not the code (unless I am mistaken somewhere ...).

Do you have any specific use case in mind?

Thanks
-Vincent

> -----Original Message-----
> From: Koegel, Michael [mailto:Michael.Koegel@partner.commerzbank.com]
> Sent: 22 August 2002 09:13
> To: cactus-user@jakarta.apache.org
> Subject: HTTPS
> 
> Hi all,
> 
> will Cactus-xy-1.4 support HTTPS now that HTTPClient is used?
> 
> Regards,
>  Michael
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:cactus-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:cactus-user-
> help@jakarta.apache.org>


