Re: [Bodington-developers] Abolute URLs - Bug or Bug Fix?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Matthew Buckett wrote:
> The primary advantage is that you no longer have to configure Bodington 
> to get it running. This makes the quickstart just work. It also means if 
> you decide to change the hostname that Bodington is deployed under you 
> don't have to perform any reconfiguration other than to your servlet 
> container.
>   
So how about one or two extra bodington.properties entries for my use?
> Why would you want to serve a Website up under several names?
> I can see this may have been an argument 5 years ago when there where 
> clients that didn't support HTTP/1.0 and so didn't work with virtual 
> hosts but this is 2006. Hosting a website under multiple domains leaves 
> you a little exposed to spoofing attacks as users no longer rely on 
> looking at the URL bar to determine if they are at the correct site.
>   
You may not _want_ to have multiple names but sometimes you don't get a 
choice.  My problem is that the server is also 'localhost' which I was 
using in my Apache configuration.  However the problem for others is 
that the official name might change - e.g. Bodington Common at Leeds was 
on www.fldu.leeds.ac.uk but a new name vle.leeds.ac.uk was adopted. The 
old alias is needed to handle links into the VLE from other web sites 
but the new name is the official one.  The multiple names will also 
occur if the physical server has multiple functions, e.g. 
mail.uni.ac.uk, www.uni.ac.uk etc.  The configured server name forces 
the user to access the proper url.
> I can see that this is a valid use of the old setup and hadn't though of it.
>
> It should be reasonably easy to support using the bodington.properties 
> if they are set and if not falling back the request properties.
>   
That would also require a change to the setup servlet since setting the 
port numbers and server name seems to be compulsory.
> Have you considered using AJP rather than mod_proxy which will preserve 
> the orginal URLs (I believe) so you don't hit this problem.
>
> http://tomcat.apache.org/tomcat-5.5-doc/connectors.html
>   
I did and I can't remember why I rejected it. Possible because mod_proxy 
is very easy to set up.
> It was previously an undocumented feature ;-)
>   
O.K., how about this;  change the text of the setup servlet to indicate 
that the server name is only required if the users could access the 
server using multiple names.  Then the code that constructs absolute 
URLs for inclusion in HTML can use the server name in the properties 
file but if not set use the server name in the request. Similarly the 
port numbers - use the values from the properties file if available.

There is still a problem with your no-configuration option.  When the 
user is switched from non-secure to secure for their password how can 
you determine the right port number if it isn't configured by the 
sysadmin using setup servlet?

Jon