You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "David G. Friedman" <hu...@ix.netcom.com> on 2005/04/01 01:51:16 UTC

RE: sslext java.lang.ClassCastException in SecureRequestProcessor

Mark,

If you plan on using the SecureRequestProcossor, isn't it expecting EVERY
action config to have a className of the SecureActionConfig?  Wouldn't it be
better for you to globally set the type so all actions use
secureActionConfig so you avoid case problems like this? (see action
"/Logon" which does NOT use SecureActionConfig while your requestProcessor
seems to expect it.

Regards,
David

-----Original Message-----
From: Mark Shifman [mailto:mark.shifman@yale.edu]
Sent: Thursday, March 31, 2005 2:57 PM
To: Struts Users Mailing List
Subject: sslext java.lang.ClassCastException in SecureRequestProcessor


I just started playing with sslext and I have a problem.

java.lang.ClassCastException
	org.apache.struts.action.SecureRequestProcessor.processPreprocess(SecureReq
uestProcessor.java:102)

My first login action is supposed to use ssl but it forwards to logon
action and a menu that doesn't need it.

from my struts config
<action path="/Welcome"
className="org.apache.struts.config.SecureActionConfig"
            type="org.apache.struts.actions.ForwardAction"
            parameter="/WEB-INF/jsp/logon.jsp">
<set-property property="secure" value="true"/>
        </action>

<action path="/Logon"
            type="org.ycmi.prot.ypresults.actions.LogonAction"
name="LogonForm"
            validate="true" input="/WEB-INF/jsp/logon.jsp"
parameter="method">
            <forward name="to_icat_menu"
path="/WEB-INF/jsp/icat_menu.jsp" />
        ...
</action>

<controller maxFileSize="15M"
processorClass="org.apache.struts.action.SecureRequestProcessor" />

      <plug-in className="org.apache.struts.action.SecurePlugIn">
        <set-property property="httpPort" value="8080"/>
        <set-property property="httpsPort" value="8443"/>
        <set-property property="enable" value="true"/>
        <set-property property="addSession" value="true"/>
      </plug-in>

I thought it would be nice to set
className="org.apache.struts.config.SecureActionConfig" on the action
rather than
type="org.apache.struts.config.SecureActionConfig" on the action-mapping
so I wouldn't have to setting the security
property for every single action.

When I look at line 102 that gives the error I am stumped as to why
there should be a problem with the class cast.
  mapping = (SecureActionConfig) processMapping(request, response, path);

Any ideas would be appreciated.
Mark Shifman


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org