Damon Julian

Reputation: 3989

Using SSL in a Play 1.2.4 application

I need to make certain requests in my web application use the HTTPS connector. Suppose I have two methods in my CustomerController which need to send sensitive info. Also, I use a subclass of controllers.Secure.Security for authentication (by implementing authenticate(..)), so the login info will have to go through SSL.

I went through the documentation on configuring SSL. From SO posts, I found that I need to have a controller to ensure SSL.

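import play.mvc.Before;
import play.mvc.Controller;

class EnsureSSL extends Controller {
    // Runs before every action of any controller annotated with @With(EnsureSSL.class)
    @Before
    static void verifySSL() {
        if (!request.secure) {
            redirect("https://" + request.host + request.url);
        }
    }
}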

Now, I need to use this on any request that sends sensitive info. I want to use it on the login/authentication requests as well as the two sensitive methods of CustomerController.

What is the correct way of doing this? @With(..) can only be used for the whole class, so I cannot make only certain methods in the CustomerController class use SSL. If I restrict the whole class, would that not increase the load?

I wanted something like a method-level decoration for CustomerController.java:

class CustomerController extends Controller{
    @With(EnsureSSL.class)//cannot do this!
    public static void sensitiveMethod1(...){
        ...
    }
    @With(EnsureSSL.class)
    public static void sensitiveMethod2(...){
        ...
    }
    public static void freeForAllToSee(...){
        ...
    }
}

Class-level decoration for Security.java:

@With(EnsureSSL.class)
class Security extends controllers.Secure.Security {
    static boolean authenticate(String username, String password) {
        ...
    }
}

I would like to know if I am on the wrong track. Can someone please advise?

Upvotes: 1

Views: 164

Answers (1)

Alexander Ponomarenko

Reputation: 559

You can create your own Annotation for this:

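package utils;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// Marker annotation, kept at runtime so the @Before interceptor can read it via reflection
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface RequiresSSL {
}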

Now create controller methods like this:

@With(EnsureSSL.class)
class CustomerController extends Controller{
    @RequiresSSL 
    public static void sensitiveMethod1(...){
        ...
    }
    @RequiresSSL 
    public static void sensitiveMethod2(...){
        ...
    }
    public static void freeForAllToSee(...){
        ...
    }
}

And modify your EnsureSSL before check to:

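import play.mvc.Before;
import play.mvc.Controller;
import utils.RequiresSSL;

class EnsureSSL extends Controller {
    @Before
    static void verifySSL() {
        // Redirect only when the invoked action is marked @RequiresSSL and the request is plain HTTP
        if ((!request.secure)
                && (request.invokedMethod.getAnnotation(RequiresSSL.class) != null)) {
            redirect("https://" + request.host + request.url);
        }
    }
}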

Upvotes: 2
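
Added example (not part of the answer above and not Play's own code): a variant of the EnsureSSL interceptor that covers two things the redirect alone leaves open. request.host carries the HTTP port, and a redirect cannot protect a POST body that has already been sent over plain HTTP. It reuses utils.RequiresSSL from the answer; the httpsUrl helper and the fallback to port 443 when https.port is not set are assumptions of this sketch.

```java
package controllers;

import play.Play;
import play.mvc.Before;
import play.mvc.Controller;
import utils.RequiresSSL; // annotation defined in the answer above

public class EnsureSSL extends Controller {

    @Before
    static void verifySSL() {
        if (request.secure
                || request.invokedMethod.getAnnotation(RequiresSSL.class) == null) {
            return; // already HTTPS, or the action is not marked sensitive
        }
        // A redirect is replayed by the browser as a GET. A POST to a sensitive
        // action has already crossed the network in cleartext and its body would
        // be dropped, so refuse it instead of redirecting. The form that posts
        // here has to be served over HTTPS in the first place.
        if (!"GET".equals(request.method) && !"HEAD".equals(request.method)) {
            forbidden("HTTPS required");
        }
        // Assumption: when https.port is not configured, TLS is terminated on 443.
        String httpsPort = Play.configuration.getProperty("https.port", "443");
        // request.domain is the Host header without the port; request.host would
        // carry the HTTP port (for example :9000) into the https:// URL.
        redirect(httpsUrl(request.domain, httpsPort, request.url));
    }

    // Hypothetical helper: builds the target URL, omitting the default port.
    private static String httpsUrl(String domain, String httpsPort, String url) {
        String port = "443".equals(httpsPort) ? "" : ":" + httpsPort;
        return "https://" + domain + port + url;
    }
}
```

request.domain still comes from the client-supplied Host header, so a deployment that serves a single known host name can substitute that configured name when building the URL.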
