REDIRECT=TRUE and switching from HTTPS to HTTP

[Struts <st...@getsilicon.net>]

I have Apache running HTTP and HTTPS (with SSL enabled and mod_rewrite is
used to rewrite HTTP to HTTPS) at web tier and Resin 2.1.10 running behind.
My goal is to secure the whole site. I am able to configure Apache/SSL so
when the first page is hit, it gets redirected to https from there on.
However, when I have Struts involved, it forms the URL with HTTP rather than
HTTPS. Thus, a window will pop up in front of browser saying I am being
redirected to a unsecure site, even though after I click on Yes to continue,
it switches back to HTTPS. As a proof, the unsecured URL request formed from
Struts goes to Apache's non-SSL log.

The Resin log shows the following right before the browser gets the prompt
for unsecure connection warning:

1097268 DEBUG [tcpConnection-6802-6] action.RequestProcessor -
processForwardConfig(ForwardConfig[name=null,path=/core/sitemap.jsp,redirect
=true,ontextRelative=false])


And in struts config file, REDIRECT is set to TRUE. We'd like to keep
REDIRECT=TRUE because, if not, when user click on the Back button, it seems
to lose the session information.

My question is: is there anyway to prevent it from temporarily switching to
HTTP (thus it won't pop up the window) while still having REDIRECT=TRUE?

Appreciated!




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org