Re: Re: SSLExt and Struts Workflow?

2003-10-16 Thread Steve Ditlinger 

Tim:

Without looking into it too deeply (and without knowing anything about
Workflow), I can say the easiest thing from the sslext side is to redefine
SecureActionConfig to extend WorkflowMapping, just as you say.  If you have
problems, I can look at it more.

Steve


> 
> From: Tim Shadel <[EMAIL PROTECTED]>
> Date: 2003/10/16 Thu PM 01:52:22 CDT
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED],   [EMAIL PROTECTED],  
>  [EMAIL PROTECTED]
> Subject: Re: SSLExt and Struts Workflow?
> 
> I know this thread is a couple weeks old, but I just started looking 
> into this myself.
> 
> Actually, I don't think that they are currently compatible, but not 
> because of the RequestProcessor.  Matthias has made it easier to write a 
> RequestProcessor that includes others, so that should be possible 
> (though I haven't done it).  The problem seems to be that they each 
> require a custom ActionMappings class:
> 
> 
> 
> 
> 
> I assume that you can't use both.  After looking at the code, it appears 
> that it may not be hard to change SSLExt to expect an Interface instead 
> of a class in most areas that the SecureActionConfig is really needed 
> for the config.getSecure() call (WorkflowMapping seems to hold more than 
> simple get/set methods).  It seems that the changes to 
> SecureActionConfig are most in the checkSsl() and computerUrl() methods. 
>   I may be missing something, but it doesn't seem like much would break.
> 
> Eclpse's "Extract Interface..." refactoring can't do it automatically, 
> but gives a quick glance at the areas most affected.  If the SslExt code 
> could use an interface, then it would be possible to extend the 
> WorkflowMapping, add the needed methods, use the new class in the 
>  and then use both SslExt and Struts Workflow together.
> 
> Steve and Matthias, do you see any glitches with this approach?  If not, 
> I may try to start working at it (isn't that the general rule - don't 
> propose something unless you want to volunteer to help? :-D).
> 
> Thanks for your great extentions to Struts!
> 
> Tim
> 
> Matthias Bauer wrote:
> > If you 
> > still want to use the sslext RequestProcessor you should be easily able 
> > to do that: It is fairly trivial to build an 
> > SSLExtWorkflowRequestProcessor in just the same way as the 
> > TilesWorkflowRequestProcesser is built, which is included in the Struts 
> > Workflow Extension. This is because all the workflow logic is extracted 
> > into a separate class WorkflowRequestProcessorLogic. If you are 
> > interested, have a look at the classes WorkflowRequestProcessor, 
> > TilesWorkflowRequestProcessor, WorkflowRequestProcessorLogic and 
> > WorkflowRequestProcessorLogicAdapter.
> > 
> > --- Matthias
> > 
> > 
> > Steve Ditlinger wrote:
> > 
> >> I'll admit to not having used Struts Workflow.  But I don't know of any
> >> reason why sslext should not work, as long as actions are defined in a
> >> struts config file like other struts apps.
> >>
> >> If Struts Workflow uses its own RequestProcessor, you would not be 
> >> able to
> >> use the sslext RequestProcessor (without creating your own custom
> >> RequestProcessor).  However, that is OK.  You can use the sslext Plugin
> >> without the sslext RequestProcessor.   Assuming the use of the sslext 
> >> tags,
> >> the sslext RequestProcessor is really only needed as a failsafe for
> >> redirecting to the correct protocol if a URL is improperly hand-entered.
> >>
> >> HTH,
> >> Steve
> >>
> >>
> >> - Original Message - From: "Mick Knutson" 
> >> <[EMAIL PROTECTED]>
> >> To: "struts" <[EMAIL PROTECTED]>
> >> Sent: Tuesday, September 23, 2003 2:54 PM
> >> Subject: SSLExt and Struts Workflow?
> >>
> >>
> >>  
> >>
> >>> Does SSLExt and Struts Workflow work together?
> >>>
> >>> ---
> >>> Thanks
> >>> Mick Knutson
> >>> http://www.baselogic.com
> >>> ---
> >>>
> >>> -
> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>   
> >>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>  
> >>
> > 
> > 
> > 
> > 
> 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSLExt and Struts Workflow?

2003-09-23 Thread Steve Ditlinger 
I'll admit to not having used Struts Workflow.  But I don't know of any
reason why sslext should not work, as long as actions are defined in a
struts config file like other struts apps.

 If Struts Workflow uses its own RequestProcessor, you would not be able to
use the sslext RequestProcessor (without creating your own custom
RequestProcessor).  However, that is OK.  You can use the sslext Plugin
without the sslext RequestProcessor.   Assuming the use of the sslext tags,
the sslext RequestProcessor is really only needed as a failsafe for
redirecting to the correct protocol if a URL is improperly hand-entered.

HTH,
Steve


- Original Message - 
From: "Mick Knutson" <[EMAIL PROTECTED]>
To: "struts" <[EMAIL PROTECTED]>
Sent: Tuesday, September 23, 2003 2:54 PM
Subject: SSLExt and Struts Workflow?


> Does SSLExt and Struts Workflow work together?
>
> ---
> Thanks
> Mick Knutson
> http://www.baselogic.com
> ---
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: InvalidClassException....

2003-09-17 Thread Steve Ditlinger 
This sounds like you need to make sure that each server/node in the cluster
has the same version of the class.   The failover node is trying to
deserialize a class that was serialized on the original node as a different
version of the same class.

Steve

- Original Message -
From: "Trieu, Danny" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Wednesday, September 17, 2003 10:48 AM
Subject: InvalidClassException


Hi All,

I have an ActionForm that has a FormFile attribute used for fileupload.  I
had the attribute marked as transient so that the ActionForm can be
serializable and replicate in a cluster environment.  However, the out come
is not what I am expected, it throws InvalidClassException.  Does anyone
know what happens or how to fix this?

Thanks,

--danny


This message and any attachments are for the intended recipient(s) only and
may contain privileged, confidential and/or proprietary information about
Downey Savings or its customers, which Downey Savings does not intend to
disclose to the public. If you received this message by mistake, please
notify the sender by reply e-mail and delete the message and attachments.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[ANN] new version of sslext for Struts 1.10 posted

2003-09-16 Thread Steve Ditlinger 

Minor change to fix a bug in previously-posted version that could result in
exceptions if the action specified in the sslext:link or sslext:form tags could
not be found.

sslext for Struts 1.10 - 3 is the latest version, available at
http://sslext.sourceforge.net.  I will be deprecating previous Struts 1.10
release.

STeve

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: sslext can only get it to post

2003-09-15 Thread Steve Ditlinger 

Yes, Tomcat's handling of the  is very complementary to
the use of sslext.  Unfortunately, unless this has changed recently, not all
containers behave in this way.

Weblogic, for instance, just creates a response that outputs a message to the
browser stating that a particular URL is available only by HTTPS. (Maybe this
has changed in 8.1, I'll check it out.)

Tomcat definitely has the superior implementation on this issue.

Steve


- Original Message - 
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Cc: "Stephane Grenier" <[EMAIL PROTECTED]>
Sent: Monday, September 15, 2003 10:37 AM
Subject: Re: sslext can only get it to post


> On Sun, 14 Sep 2003, Max Cooper wrote:
> 
> > Some design changes are needed to make the switch to the https port in
> > what I consider to be an acceptable manner.
> 
> One avenue to explore is using one particular capability of container
> managed security, and declare a security constraint requiring SSL on a
> particular request.  Something like this:
> 
>   
> 
>   Checkout Section
>   
> The set of URL patterns for requests that must be submitted
> via SSL.  In order to avoid sending confidential data unencrypted,
> these patterns MUST include the page that renders the form to
> be submitted that contains that confidential data.
>   
>   
>   /checkout_form.jsp
>   
>   /buy.do
> 
> 
>   CONFIDENTIAL
> 
>   
> 
> If you do this, the container will switch to HTTPS for you before the
> checkout form is rendered.  Hence, the ultimate submit of that form will
> be done over SSL.  It's up to the container to figure out what the correct
> SSL port number is (in Tomcat, you configure this with the "redirectPort"
> attribute on a  element; the default configuration for non-SSL
> on port 8080 redirects to SSL on port 8443).
> 
> Note that, because there is no  here, this particular
> security constraint does not require you to use container managed security
> for authentication -- it's only being used to do the "redirect to SSL"
> trick for you.
> 
> Craig
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Implementing HTTPS in Struts

2002-02-10 Thread Steve Ditlinger 

Robert, All:

We have added SecureFormTag as an extension to FormTag for our implementation
of HTTPS/HTTP web application switching.  SecureFormTag will determine if the
action specified as the "action" attribute value should be called using SSL or
not.  The HTML "form" element it creates will then include an "action"
specifying the appropriate protocol (http or https) if that protocol does not
match the current protocol.  This is similar to the SecureLinkTag extension we
had done earlier.  Please try it out and let us know what you think.  You can
download it at http://struts.ditlinger.com.

Thanks,
Steve

__
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--
To unsubscribe, e-mail:   
For additional commands, e-mail: