Hi Nuwan,
this is the stuff I was looking for. Just some configuration in struts.xml and
a few annotations.
The Struts PlugIs is easy to use, and now everything works as expected.
Thanks a lot,
regards,
Anastasios.
-----Ursprüngliche Nachricht-----
Von: Nuwan Chandrasoma [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 23. Juli 2008 14:21
An: Struts Users Mailing List
Betreff: Re: [S2] Using SSL, HTTP, HTTPS and invoking Action classes
Hi,
Have a look at this plug-in, it may help you
http://code.google.com/p/struts2-ssl-plugin/
Thanks,
Nuwan
Anastasios Patrikis wrote:
> Hi,
>
> I have problem in switching my application context from http to https an
> back again.
> Because I am new to Struts I am not sure if I use the framework the
> right way, so any help or hint is greatly appreciated
>
> Here is the task: I have some pages in my application which are
> available via http. There is a step in which the user is requested to
> enter some personal data, and the user can create a account. This page
> should be secured using SSL on a https site. Later on, the user should
> be redirected back to http.
>
>
> First problem: I do not know if the setup for using SSL is "the Struts
> way" because it is quiet hard to find information in how to use SSL and
> Struts.
> However, this is how I configured the application.
>
> - in web.xml I added the action which causes the switch from http to
> https:
> <security-constraint>
> <web-resource-collection>
> <!-- login -->
> <url-pattern>/Login.action</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> - in struts.xml I have a definition for the action:
> <action name="Login" class="com.action.CustomerLoginAction"
> method="userLogin">
> <result name="error">/ErrorPage.jsp</result>
> <result>/LoginPage.jsp</result>
> </action>
>
> - as all following request are made in the secured context I wrote a
> simple action class for redirecting back to http.
>
> First question is if this is the right way. It seems to be a quiet
> complicated solution for a common task.
>
>
> Second problem: without changing into a secure context (no
> "security-constraint" in web.xml) I can call my action class and some
> properties are set by the framework calling the appropriate "set"
> methods. After applying the "security-constraint" in the web.xml file
> the "set" methods are not invoked any more.
>
> Second question: is this the behavior by design? How should I set the
> necessary properties, by using session variables? I found an article
> which describes a problem by using a session variable in combination
> with SSL: http://forums.opensymphony.com/thread.jspa?messageID=130588.
> Once again I think my solution is to complicated and this task is
> supported by the framework without me knowing how to do it a better way.
>
> Best regards,
>
> Anastasios.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
