Posted to user@struts.apache.org by David White <da...@hotmail.com> on 2001/12/06 21:20:14 UTC
Session Lost During Transition From http to https

Please respond to davepwhite@hotmail.com if possible due to problems with my
ATT Cable Internet. Thanks..

I am trying to get my struts webapp to transition in/out of https for
sending sensitive info. I want to be in https only when needed and in http
the rest of the time. I have seen many web sites do this (hotmail for one).

So after reading all kinds of struts FAQs, mailing list archives, etc., I have
created a routine which dynamically constructs a url and creates an
ActionForward (with redirect=true). The code follows below. It is based on
some other code found in the mail archives.

I am running tomcat 3.2.3 in its default configuration. So http is on port
8080 and I place the https connector on port 8443. All seems ok when tomcat
starts up.

So my application starts out in http presenting its index page. When the
user presses our logon link, the servicing struts action gets the configured
success forward and passes it to the function below and returns the result
to struts. When I do this, all session info is lost. I can tell that a new
session is created because the value of the JSESSIONID cookie changes.

So the path starts out something like
http://mutantcow:8080/webapp/index.jsp. Then the path gets changed to
something like https://mutantcow:8443/webapp/displayLogin.jsp.

I have noted that when running tomcat on "default" ports (80 & 443), all
runs perfectly. But this is a pain as my Linux box only allows this if the
webapp is run by root (which I usually am not).

It appears from what I have read that struts should handle this sort of
thing. I am not sure if it is a struts issue or a more general problem.

Any help is appreciated.

Thanks,
David

import org.apache.struts.action.*;
import javax.servlet.http.*;
import org.apache.log4j.*;

/**
 * Class ActionUtils
 *
 * @author David P. White
 * @version %I%, %G%
 */
public class ActionUtils {

    // log4j category for the trace output below (the posted code used
    // s_cat without declaring it)
    private static final Category s_cat =
        Category.getInstance(ActionUtils.class);

    private ActionUtils() {
    }

    /**
     * Function to "toggle" between HTTP and HTTPS. Based in part on code
     * written by Michael Mok (moktc@hotmail.com) and found in the struts
     * mail archive at
     * http://www.mail-archive.com/struts-user@jakarta.apache.org/msg16488.html.
     * This only works if you are using the ports hard-coded below
     * (8080 for HTTP, 8443 for HTTPS).
     *
     * @param forward The action to which we ultimately wish to forward.
     * @param request The current request.
     * @param secureRequired How to translate - true yields HTTPS, false
     *                       yields HTTP.
     *
     * @return A translated action that forwards to the original location but
     *         does so in the requested mode.
     */
    public static ActionForward translateToFromHttps(ActionForward forward,
            HttpServletRequest request, boolean secureRequired) {
        String path = forward.getPath();
        s_cat.debug("forward path: " + path);

        // Normalise a root context so the URL does not contain "//"
        String contextPath = request.getContextPath();
        contextPath = (contextPath.equals("/")) ? "" : contextPath;
        s_cat.debug("context path: " + contextPath);

        // Port of the incoming request, logged for diagnosis only
        s_cat.debug("server port: " + request.getServerPort());

        StringBuffer newUrl = new StringBuffer();
        String targetPort;
        if (secureRequired) {
            // if sending to a secure server
            newUrl.append("https://");
            targetPort = ":8443";
        }
        else {
            newUrl.append("http://");
            targetPort = ":8080";
        }
        newUrl.append(request.getServerName());
        newUrl.append(targetPort);
        newUrl.append(contextPath);
        newUrl.append(path);

        // note that the following action forward is a redirection
        return new ActionForward(newUrl.toString(), true);
    }
}
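
A stricter way to build the same redirect target, added here as an illustration and not code from the original post or from Struts. The class name SchemeRedirect, the build method and the ALLOWED_HOSTS list are hypothetical; the host name and ports are the ones quoted in the post. It assumes the server name reported by the container may come from the client's Host header (as it does in current servlet containers), so it is checked before being placed in a redirect, and it omits the port when it is the scheme default.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class SchemeRedirect {
    // Deployment values quoted in the post (Tomcat connectors on 8080 / 8443).
    private static final int HTTP_PORT = 8080;
    private static final int HTTPS_PORT = 8443;
    // Constructed allow-list: the only hosts this webapp will redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("mutantcow");

    /**
     * Builds the absolute redirect target. requestHost stands for the value
     * of request.getServerName(); it is validated because it may be derived
     * from the client-supplied Host header.
     */
    static String build(String requestHost, String contextPath,
                        String path, boolean secure) throws URISyntaxException {
        String host = requestHost == null ? "" : requestHost.toLowerCase();
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("unexpected host: " + requestHost);
        }
        // Only context-relative paths; "//x" would be read as another host.
        if (!path.startsWith("/") || path.startsWith("//")) {
            throw new IllegalArgumentException("path must be context-relative");
        }
        String scheme = secure ? "https" : "http";
        int port = secure ? HTTPS_PORT : HTTP_PORT;
        // Leave the port out when it is the scheme default (80 or 443).
        boolean isDefault = secure ? port == 443 : port == 80;
        String ctx = "/".equals(contextPath) ? "" : contextPath;
        // The multi-argument URI constructor quotes illegal characters.
        return new URI(scheme, null, host, isDefault ? -1 : port,
                       ctx + path, null, null).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        System.out.println(build("mutantcow", "/webapp", "/displayLogin.jsp", true));
        System.out.println(build("mutantcow", "/webapp", "/index.jsp", false));
        try {
            // Constructed input: a host name that is not on the allow-list.
            build("other.example", "/webapp", "/index.jsp", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```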