struts-user mailing list archives

From "Anastasios Patrikis" <>
Subject [S2] Using SSL, HTTP, HTTPS and invoking Action classes
Date Wed, 23 Jul 2008 10:20:13 GMT

I have a problem in switching my application context from http to https and
back again.
Because I am new to Struts I am not sure if I use the framework the
right way, so any help or hint is greatly appreciated.

Here is the task: I have some pages in my application which are
available via http. There is a step in which the user is requested to
enter some personal data, and the user can create an account. This page
should be secured using SSL on a https site. Later on, the user should
be redirected back to http.

First problem: I do not know if the setup for using SSL is "the Struts
way" because it is quite hard to find information on how to use SSL and
However, this is how I configured the application.

- in web.xml I added the action which causes the switch from http to
		<!-- login -->

- in struts.xml I have a definition for the action:
<action name="Login" class="com.action.CustomerLoginAction"
      <result name="error">/ErrorPage.jsp</result>

- as all following requests are made in the secured context I wrote a
simple action class for redirecting back to http.

First question is if this is the right way. It seems to be a quite
complicated solution for a common task.

Second problem: without changing into a secure context (no
"security-constraint" in web.xml) I can call my action class and some
properties are set by the framework calling the appropriate "set"
methods. After applying the "security-constraint" in the web.xml file
the "set" methods are not invoked any more.

Second question: is this the behavior by design? How should I set the
necessary properties, by using session variables? I found an article
which describes a problem by using a session variable in combination
with SSL:
Once again I think my solution is too complicated and this task is
supported by the framework without me knowing how to do it a better way.

Best regards,
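
For reference, the kind of web.xml "security-constraint" the message describes, as an added example that is not the poster's own configuration (the snippets in the archived message are truncated). The URL patterns assume the default ".action" extension, and "LoginForm" is a hypothetical action that renders the form.

```xml
<!-- Constructed web.xml fragment: require TLS for the login form and its submit target -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>login</web-resource-name>
        <!-- Assumed: hypothetical action that renders the personal-data form -->
        <url-pattern>/LoginForm.action</url-pattern>
        <!-- Assumed: the "Login" action from struts.xml, default ".action" extension -->
        <url-pattern>/Login.action</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <!-- CONFIDENTIAL: the container only serves these URLs over a
             protected transport and redirects plain-HTTP requests to HTTPS -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

The container enforces the constraint with a redirect, so a form POSTed to the http URL does not carry its body to the https URL; serving the form page itself under the constraint means the submit is already made over HTTPS.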

