Hi, Have a look at this plug-in, it may help you
http://code.google.com/p/struts2-ssl-plugin/ Thanks, Nuwan Anastasios Patrikis wrote:
Hi, I have problem in switching my application context from http to https an back again. Because I am new to Struts I am not sure if I use the framework the right way, so any help or hint is greatly appreciated Here is the task: I have some pages in my application which are available via http. There is a step in which the user is requested to enter some personal data, and the user can create a account. This page should be secured using SSL on a https site. Later on, the user should be redirected back to http. First problem: I do not know if the setup for using SSL is "the Struts way" because it is quiet hard to find information in how to use SSL and Struts. However, this is how I configured the application. - in web.xml I added the action which causes the switch from http to https: <security-constraint> <web-resource-collection> <!-- login --> <url-pattern>/Login.action</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> - in struts.xml I have a definition for the action: <action name="Login" class="com.action.CustomerLoginAction" method="userLogin"> <result name="error">/ErrorPage.jsp</result> <result>/LoginPage.jsp</result> </action> - as all following request are made in the secured context I wrote a simple action class for redirecting back to http. First question is if this is the right way. It seems to be a quiet complicated solution for a common task. Second problem: without changing into a secure context (no "security-constraint" in web.xml) I can call my action class and some properties are set by the framework calling the appropriate "set" methods. After applying the "security-constraint" in the web.xml file the "set" methods are not invoked any more. Second question: is this the behavior by design? How should I set the necessary properties, by using session variables? I found an article which describes a problem by using a session variable in combination with SSL: http://forums.opensymphony.com/thread.jspa?messageID=130588. Once again I think my solution is to complicated and this task is supported by the framework without me knowing how to do it a better way. Best regards, Anastasios. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]