struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anastasios Patrikis" <>
Subject AW: [S2] Using SSL, HTTP, HTTPS and invoking Action classes
Date Thu, 24 Jul 2008 15:31:14 GMT
Hi Nuwan,

this is the stuff I was looking for. Just some configuration in struts.xml and a few annotations.
The Struts PlugIs is easy to use, and now everything works as expected.

Thanks a lot,


-----Urspr√ľngliche Nachricht-----
Von: Nuwan Chandrasoma [] 
Gesendet: Mittwoch, 23. Juli 2008 14:21
An: Struts Users Mailing List
Betreff: Re: [S2] Using SSL, HTTP, HTTPS and invoking Action classes


Have a look at this plug-in, it may help you



Anastasios Patrikis wrote:
> Hi,
> I have problem in switching my application context from http to https an
> back again.
> Because I am new to Struts I am not sure if I use the framework the
> right way, so any help or hint is greatly appreciated
> Here is the task: I have some pages in my application which are
> available via http. There is a step in which the user is requested to
> enter some personal data, and the user can create a account. This page
> should be secured using SSL on a https site. Later on, the user should
> be redirected back to http.
> First problem: I do not know if the setup for using SSL is "the Struts
> way" because it is quiet hard to find information in how to use SSL and
> Struts.
> However, this is how I configured the application.
> - in web.xml I added the action which causes the switch from http to
> https:
> <security-constraint>
> 	<web-resource-collection>
> 		<!-- login -->
> 		<url-pattern>/Login.action</url-pattern>
> 	</web-resource-collection>
> 	<user-data-constraint>
> 		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
> 	</user-data-constraint>
> </security-constraint>
> - in struts.xml I have a definition for the action:
> <action name="Login" class="com.action.CustomerLoginAction"
> method="userLogin">
>       <result name="error">/ErrorPage.jsp</result>
>       <result>/LoginPage.jsp</result>
> </action>
> - as all following request are made in the secured context I wrote a
> simple action class for redirecting back to http.
> First question is if this is the right way. It seems to be a quiet
> complicated solution for a common task.
> Second problem: without changing into a secure context (no
> "security-constraint" in web.xml) I can call my action class and some
> properties are set by the framework calling the appropriate "set"
> methods. After applying the "security-constraint" in the web.xml file
> the "set" methods are not invoked any more.
> Second question: is this the behavior by design? How should I set the
> necessary properties, by using session variables? I found an article
> which describes a problem by using a session variable in combination
> with SSL:
> Once again I think my solution is to complicated and this task is
> supported by the framework without me knowing how to do it a better way.
> Best regards,
> Anastasios.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message