Re: Enabling SSL in Struts 2

Sun, 06 May 2007 05:16:32 -0700 

If you want a good security framework, just use Acegi Security for Spring :
http://www.acegisecurity.org/

Just configure a channelProcessingFilter as follow :

web.xml (put Acegi filter before struts2 one)
...
   <filter>
       <filter-name>Acegi Filter Chain Proxy</filter-name>
       <filter-class>org.acegisecurity.util.FilterToBeanProxy
</filter-class>
       <init-param>
           <param-name>targetClass</param-name>
           <param-value>org.acegisecurity.util.FilterChainProxy
</param-value>
       </init-param>
   </filter>

   <filter>
       <filter-name>Acegi Channel Processing Proxy</filter-name>
       <filter-class>org.acegisecurity.util.FilterToBeanProxy
</filter-class>
       <init-param>
           <param-name>targetClass</param-name>
           <param-value>
org.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
       </init-param>
   </filter>
...
STRUTS2 Filter
...
   <filter-mapping>
     <filter-name>Acegi Filter Chain Proxy</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>
   <filter-mapping>

   <filter-mapping>
     <filter-name>Acegi Channel Processing Proxy</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>

applicationContext.xml
...
   <bean id="filterChainProxy" class="
org.acegisecurity.util.FilterChainProxy">
       <property name="filterInvocationDefinitionSource">
           <value>
               CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
               PATTERN_TYPE_APACHE_ANT
               /**=channelProcessingFilter
           </value>
       </property>
   </bean>
...
   <bean id="channelProcessingFilter" class="
org.acegisecurity.securechannel.ChannelProcessingFilter">
       <property name="channelDecisionManager">
           <ref bean="channelDecisionManager"/>
       </property>
       <property name="filterInvocationDefinitionSource">
           <value>
               CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
               \A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
               \A.*\Z=REQUIRES_INSECURE_CHANNEL
           </value>
       </property>
   </bean>
   <bean id="channelDecisionManager" class="
org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
       <property name="channelProcessors">
           <list>
               <ref bean="secureChannelProcessor"/>
               <ref bean="insecureChannelProcessor"/>
           </list>
       </property>
   </bean>
   <bean id="secureChannelProcessor" class="
org.acegisecurity.securechannel.SecureChannelProcessor"/>
   <bean id="insecureChannelProcessor" class="
org.acegisecurity.securechannel.InsecureChannelProcessor"/>
...

Acegi provides authentication, authorization, instance-based access control,
channel security and human user detection capabilities.
JCaptcha and Jasypt make good coworkers.

PPDL

On 5/5/07, Craig Swift <[EMAIL PROTECTED]> wrote:


Hello,

I was wondering what is the best way to enable SSL connections in Struts
2? In Struts 1 we would use the secure tiles plugin but I'm unsure if
that's still an option and if it's the best one. Any information would
be appreciated since I couldn't find the subject in the guides or the
FAQ. Thanks!

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to