You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Dinesh Mehra <di...@gmail.com> on 2006/01/27 10:34:33 UTC

Secure - Non Secure problem (http-https)

Hi,

I have a shipping/billing page (secure page - https) in a shopping cart
application. If there is any error then I am redirecting to home page that
is non-secure(http).

The problem is that after error in the secure pages its redirecting to home
page but in the same secure https mode.

Is there any way in struts-config.xml (either by action mapping or in
forward tag) where I can rectify this situation??

Any sort of help would be appreciated.

Thanks in advance.

--
Regards,
Dinesh

Re: Secure - Non Secure problem (http-https)

Posted by Dave Newton <ne...@pingsite.com>.

Nick Sophinos wrote:
> Although there probably is, I am old-fashioned and implement that in
> a Servlet Filter. 
Even old-fashioned programmers can use a configuration file of some sort ;)

One nice thing about sslext is that it's integrated  into the struts
config file, so there's one less place to look for stuff annnnnd you
don't have to update code if there are any changes.

Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Secure - Non Secure problem (http-https)

Posted by Nick Sophinos <ni...@gmail.com>.

Hi,
Although there probably is, I am old-fashioned and implement that in
a Servlet Filter.   Below is such a Filter.  It will redirect person either
to
or from a https port depending on whether the URL matches a given
pattern.


**
 * This class contains an web application SSL filter
 *
 * @author Nick Sophinos, OK well surely lifted from someone else.
 *
 */

public class SSLFilter implements Filter {

  private FilterConfig filterConfig;
  Log log;

  public void init(FilterConfig config) throws ServletException {
    this.filterConfig = config;
    log = Core.getLogger();
  }


  public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
  throws IOException, ServletException {

    String logId = Util.getLogId(this, "doFilter");
    log.debug("IN " + logId);

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    String scheme = request.getScheme();
    String servletPath = httpRequest.getServletPath();
    StringBuffer requestURL = httpRequest.getRequestURL();
    String queryString = httpRequest.getQueryString();
    if (queryString != null && queryString.length() > 0) {
      requestURL.append("?" + httpRequest.getQueryString());
    }
    String requestURLString = requestURL.toString();
    log.debug(logId + servletPath + " SECURE? " + servletPath.startsWith
("/secure/"));

    if(!servletPath.startsWith("/images/") &&
!servletPath.startsWith("/js/")  && !servletPath.startsWith("/css/")) {
      if(scheme != null && !scheme.equals("https") &&
servletPath.startsWith("/secure/"))
{
        log.debug(logId + "Requested URL that was NOT SSL and SHOULD BE.");
        log.debug(logId + "The requestURL is " + requestURLString );
        requestURLString = requestURLString.replaceFirst("http", "https");
        log.debug(logId + "The new requestURL is " + requestURLString );
        httpResponse.sendRedirect(requestURLString);
      }
      else if(scheme != null && scheme.equals("https") &&
!servletPath.startsWith("/secure/")) {
        log.debug(logId + "Requested URL that was SSL and SHOULD NOT BE.");
        log.debug(logId + "The requestURL is " + requestURLString );
        requestURLString = requestURLString.replaceFirst("https", "http");
        log.debug(logId + "The new requestURL is " + requestURLString );
        httpResponse.sendRedirect(requestURLString);
      }
      else {
        chain.doFilter(request, response);
      }
    }
    else {
      chain.doFilter(request, response);
    }
  }


  public void destroy() {

  }
}

On 1/27/06, Dave Newton <ne...@pingsite.com> wrote:
>
> Dinesh Mehra wrote:
> > Is there any way in struts-config.xml (either by action mapping or in
> > forward tag) where I can rectify this situation??
> >
> http://struts.apache.org/struts-doc-1.2.x/faqs/ssl.html
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Re: Secure - Non Secure problem (http-https)

Posted by Dave Newton <ne...@pingsite.com>.

Dinesh Mehra wrote:
> Is there any way in struts-config.xml (either by action mapping or in
> forward tag) where I can rectify this situation??
>   
http://struts.apache.org/struts-doc-1.2.x/faqs/ssl.html



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org