struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sonavor>
Subject Struts forwarding problem after adding sslext
Date Tue, 06 Oct 2009 19:06:38 GMT

I needed to switch some pages in my web application over to HTTPS mode
(login, data entry, etc.) then switch back to HTTP for pages that do not
require it.  Using sslext I am able to do that and it works fairly well. 
Except...I have run into one problem.  My web application also has switching
between pages for non-logged in users and logged in users.  So non-logged in
users have a URI where I have something like this -  <context_root>/public 
and logged in users have a URI something like - <context_root>/secure

My web.xml is configured for authentication where any URI with "/secure"
with require a user that is authenticated (logged in).  

Prior to implementing SSL I could enter a URL to my application that
contained "/secure" and Tomcat would bring up the login screen.  After I
logged in the authentication process would automatically take me to the page
I had requested in my URL.

Now that I have sslext implemented the same test does not work.  When I
enter a URL containing "/secure" the login screen pops up, I login but then
the authentication process does not know were to go.  It does not continue
on to the requested URL.

While experimenting with the problem I found that I could make it work again
by setting the page I requested in the URL to require HTTPS.  So now that
the sslext mechanism makes sure the login page switches to HTTPS, it breaks
the automatic, post-login forwarding to the requested URL unless that URL is
also an HTTPS page.

Does anyone know of a way to use/configure sslext so it doesn't do that?  Or
is it a Struts configuration that I need to fix?

View this message in context:
Sent from the Struts - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message