<- PowerForms - Declarative Form Input Validation | Contents | Sending Emails -> |
To ensure authentication and confidentiality of the communication between the server and the clients, JWIG supports HTTP Authentication and SSL (Secure Sockets Layer).
The JWIG distribution contains a simple example service Authentication.jwig, which uses both SSL and HTTP Authentication.
The methods listed below define security requirements, either locally for the current thread or globally for the entire service.
The makeUserFile method can be used to create a file containing usernames and passwords:
class dk.brics.jwig.runwig.Service.Session
public void makeUserFile(boolean local, java.lang.String userfile, java.util.List usernames, java.util.List passwords, boolean encrypt) throws java.io.IOException
|
The setAccessControl method can be used to write the ".htaccess" file for enabling client authentication and also for requiring SSL encryption (the name ".htaccess" depends on the AccessFileName directive in httpd.conf):
class dk.brics.jwig.runwig.Service.Session
public void setAccessControl(boolean local, java.lang.String userfile, java.lang.String realm, boolean require_ssl) throws java.io.IOException
|
The removeAccessControl method removes the ".htaccess" file to disable authentication and SSL requirements:
class dk.brics.jwig.runwig.Service.Session
public boolean removeAccessControl(boolean local)
|
To use SSL, mod_ssl must be installed in your Apache Web server, together with a server certificate. The configuration of mod_ssl is managed through Apache - independently of the JWIG system.
The HTTPS environment variable (available in the env map) is set if the last interaction was made through SSL.
The enableAccessControl method described above should always be used to set the SSLRequireSSL flag such that SSL cannot be bypassed.
The enableSSL method can be used to change the HTTP protocol to https in subsequently generated URLs:
class dk.brics.jwig.runwig.Service.ServerThread
public void enableSSL()
|
The disableSSL method can be used to change the HTTP protocol to http in subsequently generated URLs:
class dk.brics.jwig.runwig.Service.ServerThread
public void disableSSL()
|
If more advanced control over SSL or HTTP Authentication is required, the Apache Web server configuration files, in particular .htaccess, should be written manually.
<- PowerForms - Declarative Form Input Validation | Contents | Sending Emails -> |