[securityfilter-devel] transport-guarantee secure port configuration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Okay, I've got an implementation of the <user-data-constraint> and
<transport-guarantee> support built and working. Now all I need to do is
add configuration for the target SSL port to use.

I basically have three options:

1. Add an optional attribute to an existing element in
   securityfilter-config.xml like <transport-guarantee sslport="123">

2. Add a new element to securityfilter-config.xml like
   <ssl-port>123</ssl-port>

3. Add a configuration parameter in web.xml for the filter itself.
   <filter>
      ...
      <init-param>
         <description>
            The port number to use when upgrading to an SSL connection
            to fulfill a transport-guarantee of INTEGRAL or
            CONFIDENTIAL.
         </description>
         <param-name>sslPort</param-name>
         <param-value>123</param-value>
      </init-param>

On the one hand, it's nice to have configuration in a single place (like
securityfilter-config.xml). On the other hand, that file should be as
much like the deployment descriptor's security-constraint sections as
possible.

I wondered if anyone had any thoughts on which strategy would be best.
I'm leaning toward #3.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHMPHF9CaO5/Lv0PARAus9AJ9Q5KwbHQoOoKrqiJKdpKZb0sP6IgCfQEJ8
CXH1qDzIAUqeRnrubSebomg=
=qa2U
-----END PGP SIGNATURE-----