Security with SSL

From Resin 3.0

Jump to: navigation, search


When used

When you want to restrict access to a section of the web site to SSL access only, use the security <resin:Allow> with the <resin:IfSecure> tag.

The <resin:Allow> defines a restricted area with a set of url-pattern tags. (You can use more than one.) The child tags in the <resin:Allow> describe the particular restrictions.

The <resin:IfSecure> restriction checks for a SSL connection.

WEB-INF/resin-web.xml for SSL access

 <web-app xmlns="http://caucho.com/ns/resin"
          xmlns:resin="urn:java:com.caucho.resin">
 
   <resin:Allow>
      <url-pattern>/quidditch/*</url-pattern>

      <resin:IfSecure/>
   </resin:Allow>

 </web-app>

The website has a restricted section /quidditch which is only accessible through SSL. The <resin:Allow> defines the restricted site, and the <resin:IfSecure> restricts access to SSL.

Personal tools