Home/ Questions/Q 7585807
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T19:15:49+00:00

I need to make certain requests in my web application use the https connector.Suppose

  • 0

I need to make certain requests in my web application use the https connector.Suppose I have two methods in my CustomerController which need to send sensitive info .Also ,I use a subclass of controllers.Secure.Securityfor authentication (by implementing authenticate(..),so the login info will have to go through ssl.

I went through the documentation on configuring ssl.From SO posts,found that I need to have a controller to ensure ssl.

class EnsureSSL extends Controller {
@Before 
static void verifySSL() { 
    if(!request.secure) { 
    redirect("https://" + request.host + request.url); 
    } 
} 
}

Now,I need to use this on any request that sends sensitive info.I want to use it on the login /authentication requests as well as the two sensitive methods of CustomerController.

what is the correct way of doing this?@With(..) can only be used for the whole class .So I cannot make only certain methods in the CustomerController class to use SSL. If I restrict the whole class,would that not increase the load?

wanted something like a method level decoration for CustomerController.java

class CustomerController extends Controller{
    @With(EnsureSSL.class)//cannot do this!
    public static void sensitiveMethod1(...){
        ...
    }
    @With(EnsureSSL.class)
    public static void sensitiveMethod2(...){
        ...
    }
    public static void freeForAllToSee(...){
        ...
    }
}

class level decoration for Security.java

@With(EnsureSSL.class)
class Security extends controllers.Secure.Security {
    static boolean authenticate(String username, String password) {
    ...
    }
}

I would like to know if I am on the wrong track..Can someone please advise?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can create your own Annotation for this:

    package utils;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface RequiresSSL {
}

    Now create controller methods like this:

    @With(EnsureSSL.class)
class CustomerController extends Controller{
    @RequiresSSL 
    public static void sensitiveMethod1(...){
        ...
    }
    @RequiresSSL 
    public static void sensitiveMethod2(...){
        ...
    }
    public static void freeForAllToSee(...){
        ...
    }
}

    And modify your EnsureSSL befoe check to:

    class EnsureSSL extends Controller {
    @Before 
    static void verifySSL() { 
        if((!request.secure) 
            && (request.invokedMethod.getAnnotation(RequiresSSL.class) != null)) { 
        redirect("https://" + request.host + request.url); 
        } 
    } 
}
    • 0