struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Raible <matt_rai...@yahoo.com>
Subject RE: https and struts - forcing an https connection
Date Fri, 05 Oct 2001 15:57:03 GMT
What I'm trying to do is to check on my form-login page (which everyone will
enter the application through) if they are using http, and if so, switch them
to https.

I can do this with the following javascript - I was just wondering if there is
anyway in the web.xml or other files that you can specify "only allow https"?

  <script language="Javascript" type="text/javascript">
      var loc = document.location.toString();
      var index = loc.indexOf(":");
      var url = loc.substring(index,loc.length);
      if (index == "4") { 
         secureUrl = "https" + url;
         location.replace(secureUrl); // get rid of current page in history
	 location.href = secureUrl;
      }
   </script>

Thanks,

Matt

--- Michael Mok <michaelm@consultech.net.au> wrote:
> Hi Matt
> 
> Here is the code I have written to redirect connection from HTTP to HTTPS
> and vice versa
> 
>     /*
>     *
>     *
>     * Function to perform HTTP and HTTPS redirection
>     * Author : Michael Mok (moktc@hotmail.com)
>     * Version : 1.0
>     *
>     *
>     */
> 
>     public static String getURL(org.apache.struts.action.ActionForward
> forward, javax.servlet.http.HttpServletRequest 					request, boolean secure)
> {
>         String path = forward.getPath();
>         String contextPath =
> request.getContextPath().equals("/")?"":request.getContextPath();
>         String serverPort = Integer.toString(request.getServerPort());
>         StringBuffer url = new StringBuffer();
>         if (secure) { //user has requested to secure the server
>             url.append("https://");
>             serverPort = ( serverPort.equals("80")?"":":"+serverPort);
>         } else {
>             url.append("http://");
>             serverPort = ( serverPort.equals("443")?"":":"+serverPort);
>         }
>         url.append(request.getServerName());
>         //this only work if you are using the default port 80 and port 443
> as secure connection
>         url.append(serverPort);
>         url.append(request.getContextPath());
>         url.append(path);
>         return url.toString();
>     }
> 
> -----Original Message-----
> From: Matt Raible [mailto:matt_raible@yahoo.com]
> Sent: Friday, 5 October 2001 4:48
> To: struts-user@jakarta.apache.org
> Subject: https and struts - forcing an https connection
> 
> 
> Does anyone know if it's possible in xml configuration files (or my jsp
> using
> tag libraries) to make my application only accessible via an https
> connection?
> 
> I know I can use javascript on my form-login page to do a redirection, but
> I'm
> hoping there's a cleaner way.
> 
> Thanks,
> 
> Matt
> 
> 
> __________________________________________________
> Do You Yahoo!?
> NEW from Yahoo! GeoCities - quick and easy web site hosting, just
> $8.95/month.
> http://geocities.yahoo.com/ps/info1
> 


__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

Mime
View raw message