Struts SSL extension: extend secure action property

[Raymond Penners <ra...@crossverge.com>]

Hi,

I am currently developing a web application using Struts and the SSL 
extension (http://sslext.sourceforge.net/), which is really helpful. I 
have a question though...

The web application features a "browse catalog" action, using which 
users (both anonymous and logged-on users) can browse the online 
catalog. Users can also logon using a secure logon action. Once logged 
on, I would like them to stay in https mode to avoid bombarding users 
with "you are about to enter/leave a secure page" messages.

The problem is: the "browse catalog" action is not marked as secure. 
Meaning, logged on users in https mode get switched back to non-secure 
mode when browsing the catalog.

IMHO, a nice solution to this problem would be to replace the binary 
secure property for an action with a ternary option:
- yes: forced switched to https.
- no: forced switched to http.
- any/keep/dontcare: any mode will do.

What do you think?  I could implement this myself, but I would like to 
get some feedback on this first. I have submitted a feature request and 
tried contacting the original author, but unfortunately I got not 
response...

Regards,
--
Raymond Penners



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org