You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Michael Rush <mi...@gmail.com> on 2006/09/15 18:23:36 UTC
sslext -- anyone using it?
I'm looking into implementing something to force ssl for logins (and
a few other pages) and then switching back to standard http once
logged in.
I found sslext at http://sslext.sourceforge.net/ but it looks like it
hasn't been updated in a couple of years. I have a couple of concerns:
* I'm running struts 1.3.x, which isn't officially supported
* it requires using a custom controller/processorClass. I'm
currently using the TilesRequestProcessor. So (I think) I'd have to
create a custom Tiles processor that extends their
SecureRequestProcessor.
Are any of you using sslext? Or, any other solution?
I also saw Ted's page at http://husted.com/struts/FAQ/controller-
ssl.htm where another solution was offered, but I'm opposed to
putting the host/domain info in the struts config file.
Any feedback would be appreciated.
Thanks,
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: sslext -- anyone using it?
Posted by Adam J Samere <as...@rochester.rr.com>.
I have been using the sslext library for some time. I have only used it
with Struts 1.1 and 1.2 though, never with 1.3.
As for your concerns regarding the custom controller/processor class,
sslext comes with a SecureTilesRequestProcessor class. I have been using
it with tiles without issue.
Adam
Michael Rush wrote:
> I'm looking into implementing something to force ssl for logins (and a
> few other pages) and then switching back to standard http once logged in.
>
> I found sslext at http://sslext.sourceforge.net/ but it looks like it
> hasn't been updated in a couple of years. I have a couple of concerns:
> * I'm running struts 1.3.x, which isn't officially supported
> * it requires using a custom controller/processorClass. I'm currently
> using the TilesRequestProcessor. So (I think) I'd have to create a
> custom Tiles processor that extends their SecureRequestProcessor.
>
> Are any of you using sslext? Or, any other solution?
>
> I also saw Ted's page at
> http://husted.com/struts/FAQ/controller-ssl.htm where another solution
> was offered, but I'm opposed to putting the host/domain info in the
> struts config file.
>
> Any feedback would be appreciated.
>
> Thanks,
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: sslext -- anyone using it?
Posted by Brett Connor <br...@spamcop.net>.
Huh. Completely the wrong post to reply to. Sorry folks... this of course was
meant for the "Oracle Sequence" question.
Brett
Quoting Brett Connor <br...@spamcop.net>:
> selecting max... isn't a viable solution, because of other sessions as you
> say.
> Assuming you're at least using Java, you might want to look at
>
> java.sql.Statement.getGeneratedKeys()
>
> Oracle database returns generated keys in the 'C' i/f, my memory's rusty for
> JDBC but I know there is a way somewhere to get the key values in the same
> statement, rather than have to execute another statement for 'curval'.
> getGeneratedKeys() may be it.
>
> HTH
> Brett
>
>
> Quoting Michael Rush <mi...@gmail.com>:
>
> > I'm looking into implementing something to force ssl for logins (and
> > a few other pages) and then switching back to standard http once
> > logged in.
> >
> > I found sslext at http://sslext.sourceforge.net/ but it looks like it
> > hasn't been updated in a couple of years. I have a couple of concerns:
> > * I'm running struts 1.3.x, which isn't officially supported
> > * it requires using a custom controller/processorClass. I'm
> > currently using the TilesRequestProcessor. So (I think) I'd have to
> > create a custom Tiles processor that extends their
> > SecureRequestProcessor.
> >
> > Are any of you using sslext? Or, any other solution?
> >
> > I also saw Ted's page at http://husted.com/struts/FAQ/controller-
> > ssl.htm where another solution was offered, but I'm opposed to
> > putting the host/domain info in the struts config file.
> >
> > Any feedback would be appreciated.
> >
> > Thanks,
> > Michael
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: sslext -- anyone using it?
Posted by Brett Connor <br...@spamcop.net>.
selecting max... isn't a viable solution, because of other sessions as you say.
Assuming you're at least using Java, you might want to look at
java.sql.Statement.getGeneratedKeys()
Oracle database returns generated keys in the 'C' i/f, my memory's rusty for
JDBC but I know there is a way somewhere to get the key values in the same
statement, rather than have to execute another statement for 'curval'.
getGeneratedKeys() may be it.
HTH
Brett
Quoting Michael Rush <mi...@gmail.com>:
> I'm looking into implementing something to force ssl for logins (and
> a few other pages) and then switching back to standard http once
> logged in.
>
> I found sslext at http://sslext.sourceforge.net/ but it looks like it
> hasn't been updated in a couple of years. I have a couple of concerns:
> * I'm running struts 1.3.x, which isn't officially supported
> * it requires using a custom controller/processorClass. I'm
> currently using the TilesRequestProcessor. So (I think) I'd have to
> create a custom Tiles processor that extends their
> SecureRequestProcessor.
>
> Are any of you using sslext? Or, any other solution?
>
> I also saw Ted's page at http://husted.com/struts/FAQ/controller-
> ssl.htm where another solution was offered, but I'm opposed to
> putting the host/domain info in the struts config file.
>
> Any feedback would be appreciated.
>
> Thanks,
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org