You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Raymond Penners <ra...@crossverge.com> on 2003/06/06 09:56:15 UTC
Struts SSL extension: extend secure action property
Hi,
I am currently developing a web application using Struts and the SSL
extension (http://sslext.sourceforge.net/), which is really helpful. I
have a question though...
The web application features a "browse catalog" action, using which
users (both anonymous and logged-on users) can browse the online
catalog. Users can also logon using a secure logon action. Once logged
on, I would like them to stay in https mode to avoid bombarding users
with "you are about to enter/leave a secure page" messages.
The problem is: the "browse catalog" action is not marked as secure.
Meaning, logged on users in https mode get switched back to non-secure
mode when browsing the catalog.
IMHO, a nice solution to this problem would be to replace the binary
secure property for an action with a ternary option:
- yes: forced switched to https.
- no: forced switched to http.
- any/keep/dontcare: any mode will do.
What do you think? I could implement this myself, but I would like to
get some feedback on this first. I have submitted a feature request and
tried contacting the original author, but unfortunately I got not
response...
Regards,
--
Raymond Penners
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org