[jboss-cvs] jboss-seam/doc/reference/en/modules ...

Shane Bryzak sbryzak at redhat.com
Fri Feb 23 21:08:35 EST 2007


  User: sbryzak2
  Date: 07/02/23 21:08:35

  Modified:    doc/reference/en/modules  security.xml
  Log:
  JBSEAM-914 documented scheme attribute
  
  Revision  Changes    Path
  1.46      +46 -0     jboss-seam/doc/reference/en/modules/security.xml
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: security.xml
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/doc/reference/en/modules/security.xml,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -u -b -r1.45 -r1.46
  --- security.xml	24 Feb 2007 00:54:06 -0000	1.45
  +++ security.xml	24 Feb 2007 02:08:35 -0000	1.46
  @@ -953,6 +953,52 @@
     </sect1>
       
     <sect1>
  +    <title>SSL Security</title>
  +    
  +    <para>
  +      Seam includes basic support for serving sensitive pages via the HTTPS protocol.  This is easily
  +      configured by specifying a <literal>scheme</literal> for the page in <literal>pages.xml</literal>.
  +      The following example shows how the view <literal>/login.xhtml</literal> is configured to use
  +      HTTPS:
  +    </para>
  +    
  +    <programlisting><![CDATA[  <page view-id="/login.xhtml" scheme="https">]]></programlisting>
  +    
  +    <para>
  +      This configuration is automatically extended to both <literal>s:link</literal> and 
  +      <literal>s:button</literal> JSF controls, which (when specifying the <literal>view</literal>)
  +      will also render the link using the correct protocol.  Based on the previous example, the following 
  +      link will use the HTTPS protocol because <literal>/login.xhtml</literal> is configured to use it:
  +    </para>
  +    
  +    <programlisting><![CDATA[  <s:link view="/login.xhtml" value="Login"/> ]]></programlisting>
  +    
  +    <para>
  +      Browsing directly to a view when using the <emphasis>incorrect</emphasis> protocol will cause a 
  +      redirect to the same view using the <emphasis>correct</emphasis> protocol.  For example, browsing
  +      to a page that has <literal>scheme="https"</literal> using HTTP will cause a redirect to the same
  +      page using HTTPS.
  +    </para>
  +    
  +    <para>
  +      It is also possible to configure a default <literal>scheme</literal> for all pages.  This is actually
  +      quite important, as you might only wish to use HTTPS for a few pages, and if no default scheme is
  +      specified then the default behavior is to continue using the current scheme.  What this means is that
  +      once you enter a page with HTTPS, then HTTPS will continue to be used even if you navigate away to
  +      other non-HTTPS pages (a bad thing!).  So it is strongly recommended to include a default 
  +      <literal>scheme</literal>, by configuring it on the default (<literal>"*"</literal>) view:
  +    </para>
  +    
  +    <programlisting><![CDATA[  <page view-id="*" scheme="http"> ]]></programlisting>
  +    
  +    <para>
  +      Of course, if <emphasis>none</emphasis> of the pages in your application use HTTPS then it is not 
  +      required to specify a default scheme.
  +    </para>
  +  
  +  </sect1>
  +    
  +  <sect1>
       <title>Implementing a Captcha Test</title>
       
       <para>
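Review bot: In the default-scheme paragraph, "(a bad thing!)" gives a verdict without a reason, and the recommended `<page view-id="*" scheme="http">` means every page without its own scheme, including those reached after the HTTPS `/login.xhtml`, is redirected to plain HTTP. Please state why staying on HTTPS is undesirable, and add a caveat that a session established on the HTTPS login page is then carried over HTTP requests, so pages that depend on that session should be given `scheme="https"` themselves. Minor style point: the two `<page ...>` listings are left unclosed while the `<s:link .../>` listing is self-closed; closing them as `<page view-id="/login.xhtml" scheme="https"/>` would let readers paste them into `pages.xml` as shown.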
  
  
  


