You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Robert Scaduto <rs...@bellsouth.net> on 2002/02/01 23:22:48 UTC
Implementing HTTPS in Struts
Hello all, my name is Rob Scaduto and I have just recently joined the Struts
user mailing list.
I have yet to find any resources talking about how to handle switching
between http and https (and vice versa) using struts. The only solution I
was able to come up with was sub classing the Struts LinkTag and adding a
secure attribute.
This would then dynamically build an absolute path based on the jsp. This
works great when you use the forward or page attribute, but doesn't work at
all if you use the href attribute.
I'd like to have a solution that works in all cases and I was curious if
someone could add some insight.
Thanks in advance,
Rob
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Implementing HTTPS in Struts
Posted by Max Cooper <ma...@maxcooper.com>.
Rob,
A group of developers (including me) recently proposed a Struts
change/extension to handle that very situation. The basic principle in the
proposal is that you can mark an action mapping as "secure", and the
html:link tag will adjust the URL of links to that action accordingly. It
also goes the other direction, by generating absolute, non-secure links back
to non-secure actions. There is some other functionality in there, too, but
the main concept is that you can just specify what actions you want to be
secure, and the framework takes care of the rest.
You can get more information and download the code (including an example
app) here:
http://struts.ditlinger.com/
Please give us your feedback.
-Max
----- Original Message -----
From: "Robert Scaduto" <rs...@bellsouth.net>
To: "'Struts Users Mailing List'" <st...@jakarta.apache.org>
Sent: Friday, February 01, 2002 2:22 PM
Subject: Implementing HTTPS in Struts
> Hello all, my name is Rob Scaduto and I have just recently joined the
Struts
> user mailing list.
>
> I have yet to find any resources talking about how to handle switching
> between http and https (and vice versa) using struts. The only solution I
> was able to come up with was sub classing the Struts LinkTag and adding a
> secure attribute.
>
> This would then dynamically build an absolute path based on the jsp. This
> works great when you use the forward or page attribute, but doesn't work
at
> all if you use the href attribute.
>
> I'd like to have a solution that works in all cases and I was curious if
> someone could add some insight.
>
> Thanks in advance,
>
> Rob
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Implementing HTTPS in Struts
Posted by cahana <ca...@hawaii.edu>.
Steve Ditlinger and his group have come up with a good solution. You can
download a sample program at http://struts.ditlinger.com.
----- Original Message -----
From: "Robert Scaduto" <rs...@bellsouth.net>
To: "'Struts Users Mailing List'" <st...@jakarta.apache.org>
Sent: Friday, February 01, 2002 12:22 PM
Subject: Implementing HTTPS in Struts
> Hello all, my name is Rob Scaduto and I have just recently joined the
Struts
> user mailing list.
>
> I have yet to find any resources talking about how to handle switching
> between http and https (and vice versa) using struts. The only solution I
> was able to come up with was sub classing the Struts LinkTag and adding a
> secure attribute.
>
> This would then dynamically build an absolute path based on the jsp. This
> works great when you use the forward or page attribute, but doesn't work
at
> all if you use the href attribute.
>
> I'd like to have a solution that works in all cases and I was curious if
> someone could add some insight.
>
> Thanks in advance,
>
> Rob
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Implementing HTTPS in Struts
Posted by Robert Taylor <rt...@mulework.com>.
>From Steve Ditlinger's earlier post (1/24/2002):
<snip>
Common custom or not, I was deluged with messages from mail servers around
the world that the attachment would be removed. So, we have now made the
source code and sample app (sans the jsse jars) available at
http://struts.ditlinger.com and
http://us.f1.yahoofs.com/users/aee2731f/bc/public/Security+Extension+To+Stru
ts.jar?bcnjho8Ao43PhqrL.
Please try it out and let us know what you think.
</snip>
HTH,
robert
> -----Original Message-----
> From: Robert Scaduto [mailto:rscaduto@bellsouth.net]
> Sent: Friday, February 01, 2002 5:23 PM
> To: 'Struts Users Mailing List'
> Subject: Implementing HTTPS in Struts
>
>
> Hello all, my name is Rob Scaduto and I have just recently joined
> the Struts
> user mailing list.
>
> I have yet to find any resources talking about how to handle switching
> between http and https (and vice versa) using struts. The only solution I
> was able to come up with was sub classing the Struts LinkTag and adding a
> secure attribute.
>
> This would then dynamically build an absolute path based on the jsp. This
> works great when you use the forward or page attribute, but
> doesn't work at
> all if you use the href attribute.
>
> I'd like to have a solution that works in all cases and I was curious if
> someone could add some insight.
>
> Thanks in advance,
>
> Rob
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>