RE: [Announce] Enhancement added to sslext

[Ditlinger, Steve]

H, thanks  for brining this to my attetntion.  My email service provider
has beeen bogged down by virus and I have been missisng mail.  I'll take a
look today.
Thanks,
Steve

 -Original Message-
 From: Robert Taylor [mailto:[EMAIL PROTECTED]
 Sent: Saturday, September 06, 2003 7:43 AM
 To: Struts Users Mailing List
 Subject: RE: [Announce] Enhancement added to sslext
 
 
 Steve that's good news...but do have any idea when the following bug
 will be fixed in SecureRequestProcessor?
 
 http://sourceforge.net/tracker/index.php?func=detail&aid=790963
&group_id=599
67&atid=492653

robert

> -Original Message-
> From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]
> Sent: Saturday, September 06, 2003 3:18 AM
> To: '[EMAIL PROTECTED] '
> Subject: [Announce] Enhancement added to sslext
>
>
>
>
> New release of sslext now recognizes multiple mappings for the
> Struts action
> servlet, including the mixing of prefix and suffix mapping.  For example,
> you can map *.do, *.foo, AND /do/* to the Struts action servlet.  Sslext
> will recognize the mapping and create the link tag, form tag,
> etc. with the
> appropriate specified protocol.
>
> Thanks,
> Steve Ditlinger
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Announce] Enhancement added to sslext

[Ditlinger, Steve]

New release of sslext now recognizes multiple mappings for the Struts action
servlet, including the mixing of prefix and suffix mapping.  For example,
you can map *.do, *.foo, AND /do/* to the Struts action servlet.  Sslext
will recognize the mapping and create the link tag, form tag, etc. with the
appropriate specified protocol.

Thanks,
Steve Ditlinger


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Exception if no form in my action mapping - why?

[Ditlinger, Steve]

If an action is used in a form tag, it is expected that it has a form
attribute defined for it. Otherwise, Struts does not know where to put the
data posted from the form.  In your case, you don't have much of a form or
need to store posted data.  You could redefine as a link rather than a form.

Steve

 -Original Message-
 From: David Thielen [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 19, 2003 8:47 AM
 To: Struts-Users
 Subject: Exception if no form in my action mapping - why?
 
 
 Hi;
 
 When I set an action mapping as this (no form):
 
 
 
 
 It threw an exception. When I added a from like this:
 
 
 
 
 It worked. Any ideas?
 
 In my .jsp I have:
 
 
 
 
 thanks - dave
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: no getter method found

[Ditlinger, Steve]

This question comes up often enough that it probably warrants a short lesson
in JavaBeans.

If a property is named "lastname", the corresponding "getter" should be
named getLastname() and the setter should be named setLastname().  What's
more the parameter type for the "setter" must match the return type of the
"getter".  Please note:  the name of the instance variable used for storing
the lastname property value *is irrelevent*.  The property name is derived
from the names of the "getter & setter" methods alone (, unless you write a
BeanInfo class, in which case, you get to make up your own rules.)  For the
sake of clarity, we often name our instance variables with the same name of
the properties, but this is not required.

For instance:

public class MyForm extends ActionForm{
  private String lastName = null;
  
public String getLastname(){
   return this.lastName;
}
  
public void setLastname( String lastName){
   this.lastName = lastName;
}
}

is the same as:

public class MyForm extends ActionForm{
  private String someFreakyName = null;
  
public String getLastname(){
   return this.someFreakyName ;
}
  
public void setLastname( String lastName){
   this.someFreakyName = lastName;
}
}

In both cases, the property name is "lastname", and so the proper tag usage
is .

For reference, see section 8.3 of the JavaBeans specification.
http://java.sun.com/products/javabeans/docs/spec.html

Steve


 -Original Message-
 From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 19, 2003 11:32 AM
 To: 'Struts Users Mailing List'
 Subject: RE: no getter method found
 
 
 public String getLastname(){}  Note the capital "L"
 
  -Original Message-
  From: Mehran Zonouzi [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, August 19, 2003 6:55 AM
  To: [EMAIL PROTECTED]
  Subject: no getter method found
  
  
  I have the below in my jsp page
  
  Last Name: 
  
  and this in my ActionForm subclass
  
  private String lastName = null;
  
public String getlastname(){
   return this.lastName;
}
  
public void setlastname( String lastName){
   this.lastName = lastName;
}
  
  But I keep getting the no gett found error message...
  No getter method for property lastname of bean 
  org.apache.struts.taglib.html.BEAN
  
  
  What should the getter method be called?
  
  
  --
  
  This e-mail may contain confidential and/or privileged 
  information. If you are not the intended recipient (or have 
  received this e-mail in error) please notify the sender 
  immediately and destroy this e-mail. Any unauthorized copying, 
  disclosure or distribution of the material in this e-mail is 
  strictly forbidden.
  
  
  
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: no getter method found

[Ditlinger, Steve]

public String getLastname(){}  Note the capital "L"

 -Original Message-
 From: Mehran Zonouzi [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 19, 2003 6:55 AM
 To: [EMAIL PROTECTED]
 Subject: no getter method found
 
 
 I have the below in my jsp page
 
 Last Name: 
 
 and this in my ActionForm subclass
 
 private String lastName = null;
 
   public String getlastname(){
  return this.lastName;
   }
 
   public void setlastname( String lastName){
  this.lastName = lastName;
   }
 
 But I keep getting the no gett found error message...
 No getter method for property lastname of bean 
 org.apache.struts.taglib.html.BEAN
 
 
 What should the getter method be called?
 
 
 --
 
 This e-mail may contain confidential and/or privileged 
 information. If you are not the intended recipient (or have 
 received this e-mail in error) please notify the sender 
 immediately and destroy this e-mail. Any unauthorized copying, 
 disclosure or distribution of the material in this e-mail is 
 strictly forbidden.
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Content-Length=0?

[Ditlinger, Steve]

I have an app that is deployed on Tomcat 4.1.24.  If I hit a page that is an
ordinary JSP file, I can look at the response headers and see a
content-length that is greater than 0.  If I hit a tiles page (a jsp with a
tiles:insert tag), content-length is missing from the header.

If this were a Tomcat oddity, I would expect to get no content-length
reported in each case.  Because this only happens in the tiles case, I am
led to believe this is a tiles oddity.   I am using Struts 1.1 final.

Any ideas what is going on here?

Thanks,
Steve


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: white space on jsp compile

[Ditlinger, Steve]

I assume you are having problems with excessive newlines.  

We end up doing a lot of this type of thing:

<%@ taglib prefix="html" uri="/tags/struts-html"
%><%@ taglib prefix="bean" uri="/tags/struts-bean"
%><%@ taglib prefix="logic" uri="/tags/struts-logic"
%><%@ taglib uri="/tags/struts-tiles" prefix="tiles"%>

Note the positioning of the closing "%>".  That includes the newlines in the
tag and eliminates newlines produced in the HTML.  Do the same for scriplet
tags, custom tags, etc.

Steve

 -Original Message-
 From: Mike Whittaker [mailto:[EMAIL PROTECTED]
 Sent: Thursday, July 31, 2003 12:21 PM
 To: Struts List
 Subject: white space on jsp compile
 
 
 Is there any way to control it? It seems a little excessive
 
 I'd like to retain it in the JSP, and remove as much as 
 possible in the html
 
 --
 Mike W
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: SSLEXT- https to http QueryString shows up?

[Ditlinger, Steve]

If I understand your problem correctly...I think if you specify
redirect=true on your forward mapping for the posting action, you will be
sure to dump the request parameters by the time the subsequent page is
displayed.

Of course, you can always just allow the subsequent page to be displayed via
https also.  Then switch protocols back to http for all links  from that
page.

Steve


 -Original Message-
 From: Aleksandar Matijaca [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 23, 2003 5:35 PM
 To: Struts Users Mailing List
 Subject: Re: SSLEXT- https to http QueryString shows up?
 
 
 Hi there,
 
 I have experienced EXACTLY the same problem also - I wish I had a fix 
 for it...  I will come back to
 that problem sometime, for now, I am concentrating on other 
 parts of my 
 project.  I did however manage
 to do something else, and that is, from, HTTP page, to have a 
 https form 
 submit, and then when the action
 forwards to the same JSP (the one that sent out the https 
 submit) for it 
 to be seen as a regular http page.
 So it is done as:
 
 http page ->https submit->http page
 
 In the jsp page that has the form, you do a:
 
 
 
 in the same jsp, you can have the form
 
 
 
 
 
 then, when you do a forward to itself, everything is fine,..., and you 
 see your page as in http
 
 Regards, a.m.
 
 
 Mounagurusamy, Jayakumar (HAL) wrote:
 
 >SSLEXT really works great for me when I switch from "http" to 
 "https". Well
 >when I am in https mode I submit a form as post methods, however the
 >subsequent page is not secured. Obviously the action 
 redirects to http mode,
 >that is ok with me but it appends the form parameter values 
 to the URL and
 >it is visible in clients browser address bar. I do not want 
 to see the form
 >parameter values in the Address bar.
 >
 >Does any one experience the same problem and Any idea to 
 solve this will be
 >greatly appreciated
 >
 >thanks
 >Jay
 >
 >
 >-
 >To unsubscribe, e-mail: [EMAIL PROTECTED]
 >For additional commands, e-mail: [EMAIL PROTECTED]
 >
 >
 >  
 >
 
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Struts 1.10 final version *of sslext* released

[Ditlinger, Steve]

 
 Find more info at sslext.sourceforge.net.
 
   Struts 1.10 final version is now released.  New features 
  (originally added
  in RC2, but not announced here):
  
  "secure" property for actions in struts config file now accepts values
  "true", "false" AND "any".  A value of "any" means that the 
 action will
  accept http or https protocol, whichever is current.
  
  "secure" property for pageScheme tag now accepts values 
  "true", "false" AND
  "any".  A value of "any" means that the action will accept 
  http or https
  protocol, whichever is current.
  
  Also,  bug fixed:
  Added "action" attribute to the TLD for link tag
  
  Feedback? Let me know.
  
  Steve
  
  
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Struts 1.10 final version released

[Ditlinger, Steve]

Guess I forgot to say Struts 1.10 final version of *sslext* released.  Find
it at sslext.sourceforge.net.

 -Original Message-
 From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]
 Sent: Saturday, July 19, 2003 1:21 AM
 To: 'Struts Users Mailing List'
 Subject: Struts 1.10 final version released
 
 
 
 Struts 1.10 final version is now released.  New features 
 (originally added
 in RC2, but not announced here):
 
 "secure" property for actions in struts config file now accepts values
 "true", "false" AND "any".  A value of "any" means that the action will
 accept http or https protocol, whichever is current.
 
 "secure" property for pageScheme tag now accepts values 
 "true", "false" AND
 "any".  A value of "any" means that the action will accept 
 http or https
 protocol, whichever is current.
 
 Also,  bug fixed:
 Added "action" attribute to the TLD for link tag
 
 Feedback? Let me know.
 
 Steve
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Struts 1.10 final version released

[Ditlinger, Steve]

Struts 1.10 final version is now released.  New features (originally added
in RC2, but not announced here):

"secure" property for actions in struts config file now accepts values
"true", "false" AND "any".  A value of "any" means that the action will
accept http or https protocol, whichever is current.

"secure" property for pageScheme tag now accepts values "true", "false" AND
"any".  A value of "any" means that the action will accept http or https
protocol, whichever is current.

Also,  bug fixed:
Added "action" attribute to the TLD for link tag

Feedback? Let me know.

Steve


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Java Out Of Memory

[Ditlinger, Steve]

We have found that by using the "jikes" compiler instead of javac for doing
ejbc, we are much more economical with memory.  Specifically we use jikes
1.15, although a few of us use 1.17 (avoid 1.16!!).  Prior to switching over
to use jikes, we were constantly getting the same memory errors you are
seeing.

Steve



 -Original Message-
 From: Butt, Dudley [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 20, 2003 8:54 AM
 To: 'Struts Users Mailing List'
 Subject: RE: Java Out Of Memory
 
 
 yes guys come on, anyone got some tricks up their sleeves? i 
 really would appreciate it
 
 -Original Message-
 From: Alexandre Jaquet [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 20, 2003 6:51 PM
 To: Struts Users Mailing List
 Subject: Re: Java Out Of Memory
 
 
 yeap I think so too but I'm sure someone could you
 more here
 
 cheers
 
 - Original Message -
 From: "Butt, Dudley" <[EMAIL PROTECTED]>
 To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
 Sent: Thursday, March 20, 2003 5:46 PM
 Subject: RE: Java Out Of Memory
 
 
 > so in other words, i need more RAM : )
 >
 > -Original Message-
 > From: Alexandre Jaquet [mailto:[EMAIL PROTECTED]
 > Sent: Thursday, March 20, 2003 6:45 PM
 > To: Struts Users Mailing List
 > Subject: Re: Java Out Of Memory
 >
 >
 > it's only for modify the ram size (by default 64 are allowed)
 >
 > - Original Message -
 > From: "Butt, Dudley" <[EMAIL PROTECTED]>
 > To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
 > Sent: Thursday, March 20, 2003 5:43 PM
 > Subject: RE: Java Out Of Memory
 >
 >
 > > is -Xms256m only for available RAM, or can I increase my 
 page file size
 > and use that in the -X option aswell?
 > >
 > > -Original Message-
 > > From: Alexandre Jaquet [mailto:[EMAIL PROTECTED]
 > > Sent: Thursday, March 20, 2003 6:37 PM
 > > To: Struts Users Mailing List
 > > Subject: Re: Java Out Of Memory
 > >
 > >
 > > If you use -Xms256m you just will allow to use your whole memory.
 > >
 > > - Original Message -
 > > From: "Butt, Dudley" <[EMAIL PROTECTED]>
 > > To: <[EMAIL PROTECTED]>
 > > Sent: Thursday, March 20, 2003 5:31 PM
 > > Subject: Java Out Of Memory
 > >
 > >
 > > > Hi there,
 > > >
 > > > I know this isn't a Struts question, but I also know you're all
 > extremely
 > > experienced Java dudes, so how can I prevent a Out Of 
 Memory error when
 > > > doing a Javac compile for ejbc, with a 
 EntityRelationshipBean? Any
 help
 > > would be great!
 > > > I'm compiling on a 256M machine and my command looks like this..
 > > >
 > > > set PATH=C:\java\j2sdk1.4.1_01\bin;%PATH%
 > > > set LIB=C:\java\working\invest\lib\
 > > >
 > > > java -verbosegc -cp %LIB%weblogic.jar -Xms128m -Xmx256m
 > > weblogic.ejbc -compiler javac EntityRel1.jar EntityRel.jar
 > > >
 > > > Many Thanx
 > > >
 > > >
 > > > NOTICE:
 > > >
 > > > This message contains privileged and confidential 
 information intended
 > > > only for the person or entity to which it is addressed.
 > > > Any review, retransmission, dissemination, copy or other 
 use of, or
 > > > taking of any action in reliance upon this information 
 by persons or
 > > > entities other than the intended recipient, is prohibited.
 > > >
 > > > If you received this message in error, please notify the sender
 > > > immediately by e-mail, facsimile or telephone and 
 thereafter delete
 the
 > > > material from any computer.
 > > >
 > > > The New Africa Capital Group, its subsidiaries or 
 associates do not
 > > > accept liability for any personal views expressed in 
 this message.
 > > >
 > > > 
 -
 > > > To unsubscribe, e-mail: 
 [EMAIL PROTECTED]
 > > > For additional commands, e-mail: 
 [EMAIL PROTECTED]
 > > >
 > > >
 > >
 > >
 > > 
 -
 > > To unsubscribe, e-mail: [EMAIL PROTECTED]
 > > For additional commands, e-mail: 
 [EMAIL PROTECTED]
 > >
 > >
 > > NOTICE:
 > >
 > > This message contains privileged and confidential 
 information intended
 > > only for the person or entity to which it is addressed.
 > > Any review, retransmission, dissemination, copy or other use of, or
 > > taking of any action in reliance upon this information by 
 persons or
 > > entities other than the intended recipient, is prohibited.
 > >
 > > If you received this message in error, please notify the sender
 > > immediately by e-mail, facsimile or telephone and 
 thereafter delete the
 > > material from any computer.
 > >
 > > The New Africa Capital Group, its subsidiaries or associates do not
 > > accept liability for any personal views expressed in this message.
 > >
 > > 
 -
 > > To unsubscribe, e-mail: [EMAIL PROTECTED]
 > > For additional commands, e-mail: 
 [EMAIL PROTECTED]
 > >
 > >
 >
 >
 > -
 > To unsubscribe, e-mail: [E

Even newer release of sslext posted

[Ditlinger, Steve]

All:

Yesterday's posting of new releases of sslext was to fix a bug that had been
reported a few days previously.  Now we have a new release with a new
feature that I am pretty excited about.

A little background:  Some older browsers (notable Netscape 4.x) would treat
responses from a server with different protocols (http or https) specified
as being part of two different sessions.  e.g. a request to
https://www.somedomain.com would belong to one session and
http://www.somedomain.com would belong to another session.  On some web
containers (e.g. WebLogic), there was a "cookie-domain" setting that would
allow you tell the browser to treat all responses from the same domain as a
single session.  However, other containers (e.g. Tomcat) did not have this
feature.  

An idea was suggested on this list last week by my constant inspiration, Max
Cooper, why not just force a URL rewrite when switching between protocols to
force the session to be shared between the two protocols?  Why not, indeed?
So brilliant, yet so simple, the very definition of elegance.

Yesterday, we tried out this idea, and sure enough it worked; we are sharing
sessions on Netscape 4.7 using Tomcat where previously two sessions had been
created.  Eureka!  This dual session problem has been such a pain for so
long that I am disappointed we didn't think of this sooner.  

The new release dubbed "sslext - Struts1.1RC1 - 2" is the latest and
greatest and includes this new feature.  Find it at
http://sslext.sourceforge.net.  This new release also clears up a bug in
module selection which could emerge if using anchors or a URL which had
already been rewritten.  

Special thanks to Max for his suggestion and diagnostic assistance.

Steve


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

New releases of sslext posted

[Ditlinger, Steve]

All:
 
New versions of sslext, the Struts extension for http/https switching, have
been posted at http://sslext.sourceforge.net.  
 
One new posting is a bug-fixed version for Struts 1.1b3.  The bug that was
fixed is described below in an email from last week by Dennis Muhlestein.
 
The other new posting is a new posting for Struts 1.1RC1.
 
Both reflect some refactoring that simplifies the code.  As a
consequence, the ability to specify links including "../" or submodule paths
has been eliminated.  This is consistent with core Struts.  The same
capability
is available by using the "forward" attribute of sslext:link.  See example
app.
 
The versions for Struts 1.1b1 and Struts 1.1b2 are no longer supported and
will soon be withdrawn from their posting.  For now, they remain posted for
comparison purposes.

Additional note: One more thing, both new releases also include an
additional
version of the SecureRequestProcessor called SecureTilesRequestProcessor
for use with Tiles.
 
Thanks,
Steve
 
 
 
> 
> 
> 
> 
> --- Dennis Muhlestein <[EMAIL PROTECTED]> wrote:
> > sslext does not function as expected with modules.
> > 
> > Specifically, when operating withing a module (ie: subappfoo), the
> >  does not find the ModuleConfig for
> > the subapplication.  Instead, it finds the ModuleConfig for the root
> > module.
> > 
> > The reason the example applications in sslext works correctly with
> > subappfoo is that the main module and the subappfoo module have the
> > exact same action mappings and secure properties.  Therefore, when you
> > request the true or false page from the subapp, you get a ModuleConfig
> > and SecureActionConfig from the root module that look identical to what
> > you expect to get from the subappfoo module.
> > 
> > To demonstrate the bug, change the struts-config-subapp.xml's /true
> > secure property to be false.  After this change, you should see neither
> > page going to https.  You will see however, that the true page still
> > goes to https (when you are within subappfoo).  This is because the
> > secure config used by sslext:link came from the root module.
> > 
> > Now go to the root module's index file.  You'll see that the links to
> > the true/false pages for the subapp are now correct (neither goes to
> > https).  This is because when you specify the module prefex (ie:
> > page="/subappfoo/true.do" ) in the sslext:link tags forward,href, or
> > page attribute, the sub application's correct ModuleConfig is found.
> > 
> > You can further see that this doesn't function properly by deploying a
> > sub application that does not have the same action mappings as the root
> > application.  Then, sslext:link will not find the action requested in
> > the tag, it won't get a ModuleConfig, and it won't be able to tell
> > whether or not your action is supposed to be secure.  The links will
> > never change between https and http.  They stay on the protocol made by
> > the request that generates the page.
> > 
> > The workaround for right now, is to use the href attribute instead of
> > the page attribute on the sslext:link tag and specify the entire url
> > relative to the root module (ie: href="/myModule/myPage.do" ).
> > 
> > If you have any questions or would like more details let me know.
> > 
> > Thanks
> > Dennis
> > 

 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [OT] sslext (1.1b3) has a bug with modules

[Ditlinger, Steve]

Excellent catch!  I've identified the problem and will post a new b3 (& RC1)
version this weekend.

I shouldn't have tried to get so fancy: allowing links with "../" upsets
things.  I have a solution in mind.

Thanks,
Steve

 -Original Message-
 From: Dennis Muhlestein [mailto:[EMAIL PROTECTED]
 Sent: Friday, March 14, 2003 8:27 AM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: [OT] sslext (1.1b3) has a bug with modules
 
 
 sslext does not function as expected with modules.
 
 Specifically, when operating withing a module (ie: subappfoo), the
  does not find the 
 ModuleConfig for
 the subapplication.  Instead, it finds the ModuleConfig for the root
 module.
 
 The reason the example applications in sslext works correctly with
 subappfoo is that the main module and the subappfoo module have the
 exact same action mappings and secure properties.  Therefore, when you
 request the true or false page from the subapp, you get a ModuleConfig
 and SecureActionConfig from the root module that look identical to what
 you expect to get from the subappfoo module.
 
 To demonstrate the bug, change the struts-config-subapp.xml's /true
 secure property to be false.  After this change, you should see neither
 page going to https.  You will see however, that the true page still
 goes to https (when you are within subappfoo).  This is because the
 secure config used by sslext:link came from the root module.
 
 Now go to the root module's index file.  You'll see that the links to
 the true/false pages for the subapp are now correct (neither goes to
 https).  This is because when you specify the module prefex (ie:
 page="/subappfoo/true.do" ) in the sslext:link tags forward,href, or
 page attribute, the sub application's correct ModuleConfig is found.
 
 You can further see that this doesn't function properly by deploying a
 sub application that does not have the same action mappings as the root
 application.  Then, sslext:link will not find the action requested in
 the tag, it won't get a ModuleConfig, and it won't be able to tell
 whether or not your action is supposed to be secure.  The links will
 never change between https and http.  They stay on the protocol made by
 the request that generates the page.
 
 The workaround for right now, is to use the href attribute instead of
 the page attribute on the sslext:link tag and specify the entire url
 relative to the root module (ie: href="/myModule/myPage.do" ).
 
 If you have any questions or would like more details let me know.
 
 Thanks
 Dennis
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: redirecting to HTTPS

[Ditlinger, Steve]

There are examples with each of the different versions.  (1.02, 1.1b1, 1.1b2
etc) at sslext.sourceforge.net.

I intend to do some updating for an 1.1RC1 release soon (this weekend?).
Also, I am usually able to answer questions in (semi-)prompt fashion..

Steve

 -Original Message-
 From: Sterin, Ilya [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 06, 2003 4:42 PM
 To: 'Struts Users Mailing List'
 Subject: RE: redirecting to HTTPS
 
 
 Ah, great, just found it, but I can't find any examples to go with it,
 nor a user's guide.  Any links? :-)
 
 Ilya
 
 -Original Message-
 From: alexj [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, March 06, 2003 7:37 PM
 To: Struts Users Mailing List
 Subject: Re: redirecting to HTTPS
 
 
 Have a look for SSLext. (you may find a sample
 with it)
 
 --
 Alexandre Jaquet
 
 - Original Message - 
 From: "Sterin, Ilya" <[EMAIL PROTECTED]>
 To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
 Sent: Friday, March 07, 2003 1:16 AM
 Subject: redirecting to HTTPS
 
 
 > What's the easiest way to redirecting to https and back.  Meaning, 
 > what's the I guess more common/prefered way of doing it in struts.
 > 
 > Any small examples, would be great:-)
 > 
 > Thanks a bunch.
 > 
 > Ilya
 > 
 > -
 > To unsubscribe, e-mail: [EMAIL PROTECTED]
 > For additional commands, e-mail: [EMAIL PROTECTED]
 > 
 > 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Source code for ActionServlet 1.1-b2

[Ditlinger, Steve]

Guess my attachement was "cleansed".  See my other response about looking at
the CVS repository.

I'll try to attach again here just as an experiment:



 -Original Message-
 From: Andrew Lubalin [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 05, 2003 11:12 AM
 To: Struts Users Mailing List
 Subject: RE: Source code for ActionServlet 1.1-b2
 
 
 
 right where??? (no instructions or attachment)
 
 
 


  
   "Ditlinger,  

  
       Steve"   To:   
 "'Struts Users Mailing List'" <[EMAIL PROTECTED]> 

   <[EMAIL PROTECTED]cc: 

  
   t.com>   Subject:  RE: 
 Source code for ActionServlet 1.1-b2   



  
   03/05/2003 02:05 

  
   PM   

  
   Please respond to

  
   "Struts Users

  
   Mailing List"

  


  


  
 
 
 
 
 right here
 
  -Original Message-
  From: Andrew Lubalin [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, March 05, 2003 11:00 AM
  To: [EMAIL PROTECTED]
  Subject: Source code for ActionServlet 1.1-b2
 
 
  I have the source for 1.1-b3 but I cannot find anything for
  1.1-b2, which
  is what I need.  Does anyone have or know where I can find this source
  version for ActionServlet?
 
  Thank you,
 
  - Andrew
 
 
 
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Source code for ActionServlet 1.1-b2

[Ditlinger, Steve]

Of course you vcan always look at the CVS repository also

http://cvs.apache.org/viewcvs.cgi/jakarta-struts/

 -Original Message-
 From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 05, 2003 11:05 AM
 To: 'Struts Users Mailing List'
 Subject: RE: Source code for ActionServlet 1.1-b2
 
 
 right here
 
  -Original Message-
  From: Andrew Lubalin [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, March 05, 2003 11:00 AM
  To: [EMAIL PROTECTED]
  Subject: Source code for ActionServlet 1.1-b2
  
  
  I have the source for 1.1-b3 but I cannot find anything for 
  1.1-b2, which
  is what I need.  Does anyone have or know where I can find this source
  version for ActionServlet?
  
  Thank you,
  
  - Andrew
  
  
  
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  
 
 
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Source code for ActionServlet 1.1-b2

[Ditlinger, Steve]

right here

 -Original Message-
 From: Andrew Lubalin [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 05, 2003 11:00 AM
 To: [EMAIL PROTECTED]
 Subject: Source code for ActionServlet 1.1-b2
 
 
 I have the source for 1.1-b3 but I cannot find anything for 
 1.1-b2, which
 is what I need.  Does anyone have or know where I can find this source
 version for ActionServlet?
 
 Thank you,
 
 - Andrew
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: isEmpty() Method Not Working?

[Ditlinger, Steve]

NoSuchMethodError does not extend Exception, so if you are catching
Exception, the catch block will not be entered.  

However, your real problem is that you are compiling against a current
version of Struts and then running against an obsolete version of Struts.

HTH,
Steve

 -Original Message-
 From: Mervin Williams [mailto:[EMAIL PROTECTED]
 Sent: Monday, March 03, 2003 1:58 PM
 To: 'Struts Users Mailing List'
 Subject: RE: isEmpty() Method Not Working?
 
 
 I put a try/catch block around the "if(!errors.isEmpty())" 
 call, but the
 catch block was never entered, and the exception occurred.  
 Below is the
 stack trace for the error.  
 
 I do notice something strange in the stack tracke: in the "Root Cause"
 portion of the stack trace, the NoSuchMethodError refers to a method
 named "ActionMessages.isEmpty()Z".  Where is the "Z" coming from - I do
 not have a "Z" at the end of my method call.
 
 --
 2003-03-03 15:48:18,909 ERROR [org.jboss.web.localhost.Engine]
 StandardWrapperValve[action]: Servlet.service() for servlet 
 action threw
 exception
 javax.servlet.ServletException: Servlet execution threw an exception
at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilte
 r(Applica
 tionFilterChain.java:269)
at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(Applic
 ationFilt
 erChain.java:193)
at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWr
 apperValv
 e.java:260)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:643)
at
 org.apache.catalina.core.StandardPipeline.invoke(StandardPipeli
 ne.java:4
 80)
at
 org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
 org.apache.catalina.core.StandardContextValve.invoke(StandardCo
 ntextValv
 e.java:191)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:643)
at
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(Auth
 enticator
 Base.java:550)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:641)
at
 org.apache.catalina.valves.CertificatesValve.invoke(Certificate
 sValve.ja
 va:246)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:641)
at
 org.apache.catalina.core.StandardPipeline.invoke(StandardPipeli
 ne.java:4
 80)
at
 org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
 org.apache.catalina.core.StandardContext.invoke(StandardContext
 .java:241
 5)
at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostV
 alve.java
 :180)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:643)
at
 org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDis
 patcherVa
 lve.java:170)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:641)
at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportV
 alve.java
 :172)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:641)
at
 org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve
 .java:509
 )
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:641)
at
 org.apache.catalina.core.StandardPipeline.invoke(StandardPipeli
 ne.java:4
 80)
at
 org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEng
 ineValve.
 java:174)
at
 org.apache.catalina.core.StandardPipeline$StandardPipelineValve
 Context.i
 nvokeNext(StandardPipeline.java:643)
at
 org.apache.catalina.core.StandardPipeline.invoke(StandardPipeli
 ne.java:4
 80)
at
 org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
 org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at
 org.apache.coyote.http11.Http11Processor.process(Http11Processo
 r.java:43
 2)
at
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler
 .processC
 onnection(Http11Protocol.java:386)
at
 org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoin
 t.java:53
 4)
at
 org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(T
 hreadPool
 .java:530)
at java.lang.Thread.run(Thread.java:536)
 2003-03-03 15:48:19,620 ERROR [org.jboss.web.localhost.Engine] -
 Root Cause -
 java.lang.NoSuchMethodError:
 org.apache.struts.action.ActionMessages.isEmpty()Z
at prototype_1.SearchAction.execute(SearchAction.java:272)
at
 org.apache.struts.acti

RE: [Q.] (redirect="true") how to get anything from request scope?

[Ditlinger, Steve]

A redirect is a response to the browser telling it to issue a new request
for the specified URL.  Because it is a new request, any attributes in the
original request are gone.  You'll have to put them in session if you wish
to keep them around.

Steve

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Friday, February 21, 2003 3:19 PM
 To: [EMAIL PROTECTED]
 Subject: [Q.] (redirect="true") how to get anything from request scope?
 
 
 Hello,
 
 for some reason I need use redirect,
 but when I'd changed redirect from false to true in struts-config.xml
 
 
 I got problem on my jsp side - a jsp can't find any beans from request
 
 do I'm missing anything?
 
 tnx
 
 Best Regards.
 Michael.
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Is sslext only support struts 1.1, but not support struts 1.0.2?

[Ditlinger, Steve]

sslext supports 1.1 (b1, b2 & b3)  and struts 1.0.2.

See http://sslext.sourceforge.net

Steve


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

New release of sslext available (1.1b3)

[Ditlinger, Steve]

I have posted a new version of sslext (the Struts extension for HTTP/HTTPS
protocol switching) for Struts 1.1 beta3 at sslext.source.net.

I have also posted new releases of the Struts 1.0, 1.1b1, and 1.1b2
versions.  These releases fix a bug with the sslext.tld that never showed up
until I tested with the 4.1.18 version of Tomcat.  (Enforcement getting
stricter, I like that!)  

The 1.1b3 version includes a new feature that was recently requested: the
ability to disable the HTTP/HTTPS switching.  This is something you may want
to do temporarily if your SSL is non-functional for whatever reason.  This
is done using the new "enable" attribute for the SecurePlugin specified in
the struts config file.  If not specified, the default value for this
attribute is "true".  


The 1.1b1 and 1.1b2 versions do not include this new feature and will
probably not be updated from this point forward except for bug fixes.

Stand by for other new features.

Steve


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Struts SLL extension - Really lost

[Ditlinger, Steve]

Sounds like you are missing this line in the struts-config.xml (just before
all the action definitions):

  

Once you add that, the ClassCastException should go away.  

If you have any more problems, let me know.

Steve

 -Original Message-
 From: Steve Vanspall [mailto:[EMAIL PROTECTED]]
 Sent: Monday, December 09, 2002 7:20 PM
 To: Ditlinger, Steve
 Subject: RE: Struts SLL extension - Really lost
 
 
 Hi there,
 
 Thanks for your reply.
 
 I i remove the pageScheme tag and comment out all the 
 set-property tags in
 struts-config.xml, the same thing happens.
 
 I have pinpointed the problem, in think.
 
 the following line throws a ClassCastException
 
 SecureActionConfig secureMapping =
 (SecureActionConfig)appConfig.findActionConfig(linkTo);
 
 
 does this help?
 
 
 -Original Message-
 From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, 10 December 2002 1:47 PM
 To: '[EMAIL PROTECTED]'
 Cc: Cooper,Max
 Subject: FW: Struts SLL extension - Really lost
 
 
 Hi Steve:
 
 Sorry to hear you are having trouble.
 
 Let's go one step at a time, brother.
 
 What happens if you remove the pageScheme tag from the login.jsp?
 If it works now, maybe you are losing request parameters.
 
 If you remove the all of the secure settings from the 
 struts-config.xml,
 does the app work?
 If so, perhaps there is a problem with the struts-config.  Without the
 pageScheme and the secure parameters set, the app is 
 essentially unchanged
 logically from your original app.
 
 Let me know what happens. We'll figure this out.
 
 Steve
 
 
  -Original Message-
  From: Max Cooper [mailto:[EMAIL PROTECTED]]
  Sent: Monday, December 09, 2002 6:12 PM
  To: Ditlinger, Steve
  Subject: Fw: Struts SLL extension - Really lost
 
 
  Forwarded by me to you, from the struts-user list...
 
  - Original Message -
  From: "Steve Vanspall" <[EMAIL PROTECTED]>
  To: "Struts User Mailing List" <[EMAIL PROTECTED]>
  Sent: Monday, December 09, 2002 5:36 PM
  Subject: Struts SLL extension - Really lost
 
 
  > Hi there,
  >
  > I have installed the Struts/SSL Extension for strits 1.1-b2.
  >
  > I am running Tomcat 4.1.12
  >
  > I have set up the server.xml, by uncommenting the SSL information.
  >
  > I have also done the keytool command at the command prompt.
  >
  > I have edited my action, so that, for now sercure is set to true.
  >
  > I have edited my login page so that it has the page the
  pageSheme tag with
  > security set to true.
  >
  > I have also edited the form tags to be secure form tags.
  >
  > Basically, how my app works, is that every page has a 
 checkLogin Tag.
  >
  > if no-one is loogedd in, it returns SKIP_PAGE and does
  > pageContext.forward("login.jsp");
  >
  > with the exception of the tag changes, this is exactly how
  my code was
  > before.
  >
  > Now it doesn't work.
  >
  > The app throws a JasperException without any kind of message
  included.
  >
  > Can anyone guide me through this problem?
  >
  > Thanks in advance
  >
  > Steve
  >
  >
  > --
  > To unsubscribe, e-mail:
  <mailto:[EMAIL PROTECTED]>
  > For additional commands, e-mail:
  <mailto:[EMAIL PROTECTED]>
  >
  >
 
 
 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Using SecureLinkTag with non-actions

[Ditlinger, Steve]

Rick:

You are not the first to ask for a "secure" attribute on the link tag.  This
would be most useful for links to outside resources, like yours.  Currently,
the best answer would be to use the regular struts  tag for those
links, instead of the  tag -or- perhaps the 
tag is what you want to use.  Place at the top of your page like so:
. 

As for specifying a forward to be secure or non-secure: changing the
protocol requires a redirect, so every forward where the protocol changes
would require a redirect, which would be OK assuming the developer
recognizes that going in.  I think you can accomplish the same thing right
now by using the  tag.  

Anyway, please let me knoe of anymore issues, suggestions, etc you have.

Steve

> -Original Message-
> From: Rick Mann [mailto:rmann@;latencyzero.com]
> Sent: Monday, November 04, 2002 8:19 PM
> To: Struts Users Mailing List
> Subject: Using SecureLinkTag with non-actions
> 
> 
> Hi. I recently added the SSL Ext stuff to Struts 1.1b2, and 
> it mostly works,
> except for the SecureLinkTag.
> 
> I have a .jsp that is not required to be secure. The typical 
> user, however,
> will get to this page as a result of logging in (an HTTP 
> post), and so the
> page will be "secure".
> 
> I have several links on this page, none of which need to be 
> secure (that is,
> I'd like for them to be "http://..."; links). Using the 
> SecureLinkTag, I get
> this for links that reference an action, but for links that reference
> another .jsp or .html page, it uses the same scheme as the 
> referring page.
> 
> How can I tell ssl-ext that a page or forward is not secure? 
> Is this even
> possible? If not, a poor workaround would be to add a 
> "secure" property to
> the tag...
> 
> TIA
>  
> -- 
> Rick
> 
> 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: DTD

[Ditlinger, Steve]

Hi Jeff:

It appears you have a mismatch of identifier (1.1) with DTD (1.0) in your
!DOCTYPE tag.  Change your identifier to 1.0 to be consistent with the DTD
URL and then your app should work whether the struts site is up or not.
(Assuming your app is a Struts 1.0 app) 

The ActionServlet will use the DTD in the struts.jar if it recognizes the
identifier.  That's what we've been doing with Struts 1.1 successfully on a
server with no web access.

Good luck,
Steve


-Original Message-
From: Lowe, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 7:49 AM
To: 'Struts Users Mailing List'
Subject: DTD


I'm new to this list, so forgive me if this question has been posted
recently.

Yesterday my Struts application stopped working.  I finally traced the
problem to the following line in struts-config.xml:

http://jakarta.apache.org/struts/dtds/struts-config_1_0.dtd";>

Apparantly the Apache domain was unavailable for awhile on the web and this
caused the parser to hang.  (I was surprised not to see any mention of this
anywhere.  I would have thought that Struts apps all around the world would
have stopped working.)

To fix the problem I placed a copy of struts-config_1_0.dtd in the same
directory as struts-config.xml and changed the reference to:



When I start the application, I get a parser error stating that it can't
find the resource in the directory that the VM (i.e. Weblogic) was started
from.  According to the XML spec, the SYSTEM specifier should tell the
parser to look for the resource in a path relative to struts-config.xml, in
this case - the same directory.  Anyone have any insight into this?

Thanks,
-Jeff

Jeff Lowe
Software Architect
CELT Corporation
199 Forest St.
Marlboro, MA 01752

508-624-4474 x1237
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Tiles and subapps in Struts 1.1

[Ditlinger, Steve]

Is this the case, Cedric, tiles no good with subapps without a lot of of
changes?

Thanks,
Steve

Ian Tomey said:
--
my advice to you is dont bother with subapps with tiles unless you have a
lot of time to invest in working on it. a lot would need to be changed to
make it work properly. 

>>> [EMAIL PROTECTED] 07/17/02 09:32am >>> Does anyone have tiles
working in a subapp under Struts 1.1? Our working app seems to have stopped
working once we divided the app into subapps with separate struts config
files. Is ActionComponentServlet not compatible with subapplications? We do
have ActionComponentServlet specified in the web.xml and have the Tiles
RequestProcessor specified in each of the subapp's struts config files. Is
there another piece of the puzzle we are missing for using Tiles with
subapps? Thanks, Steve 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Tiles and subapps in Struts 1.1

[Ditlinger, Steve]

Does anyone have tiles working in a subapp under Struts 1.1?  Our working
app seems to have stopped working once we divided the app into subapps with
separate struts config files.  Is ActionComponentServlet not compatible with
subapplications?  We do have ActionComponentServlet specified in the web.xml
and have the Tiles RequestProcessor specified in each of the subapp's struts
config files.  Is there another piece of the puzzle we are missing for using
Tiles with subapps?

Thanks,
Steve


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: *.do !

[Ditlinger, Steve]

If the question is: How do I get the URL of the JSP (or other  URL
path) to show in the browser's URL field?  I think the answer is to add
redirect="true" to the forward element definition.  Of course, this has
other side effects, such as losing the request's attributes and parameters.
So make sure that is what you really want to do.

Steve

-Original Message-
From: Struts Newsgroup [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 2:55 AM
To: [EMAIL PROTECTED]
Subject: Re: *.do !


Subject: Re: *.do !
From: "Hyunjin Kim" <[EMAIL PROTECTED]>
 ===
hmm.. i am not sure if i am understanding your question correctly... but..
the answer is no..

you cannot just call the forward path(buy.jsp) and hope it will also call
the action servlet (except if you have code in the jsp page that calls the
action class... but in that case, you are outside of the struts framework).

now my question:
Why do you wanna do that??


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Hi,
> When i call an action i have in my browser url field http://...buy.do
> insteadof ../buy.jsp
> Is there a solution to have the forward path and not the path of the
action
> Thanks
>
>
>
> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:

>



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: HTTPS + Struts

[Ditlinger, Steve]

Rizvan:

We have written an extension to Struts that does the things you are asking
about.  This extension allows you to specify certain actions to requested
via https.  Our extension to the  tag determines whether the
posting action should be requested via http or https.  If it should be
https, the https://and.so.on will be added to the posting URL in the 
tag generated as output.  See http://struts.ditlinger.com for some more info
or feel free to email me with your questions.

Steve

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: HTTPS + Struts




Can you advice on how you manage to redirect the http request from http to
https?

I have following scenario (typical of a shopping site).

1) User search and place item into shopping cart (eg calls
http://www.acmeshop.com/addtoshoppingcart.do)
2) addtoshoppingcart.do do some processing and redirects user back to
shopping search page (eg http://www.acmeshop.com/shoppingsearch.jsp )
3) User clicks on the check out page URL. (eg calls
http://www.acmeshop.com/showshoppingcart.do and return the results to
http://www.acmeshop.com/showcartcheckout.jsp).
4) User clicks on make payment. On the shwowcartcheckout.jsp, I need to be
able to set the form action attribute to call
https://www.acmeshop.com/makepayment.do (where makepayment.do will redirect
to the https://www.acmeshop.com/enterpaymentdetail.jsp). The form action
attribute on the enterpaymentdetail.jsp will call
https://www.acmeshop.com/processpayment.do )

What I am trying to find out is how do I set the https:// in the form action
attribute of showcartcheckout.jsp. The form tag does not have any attribute
will will create the https://...  string. Do I have to hard code the form
action in this page? Or am I total off the track?

Thanks in advance

Rizvan



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Examples - 1.1 Beta1 SubApps

[Ditlinger, Steve]

I notice that none of the 1.1 Beta1 examples include sub-application
configurations.  Is this feature ready for prime time?  If so, are there any
good examples anywhere?  My attempts to use new feature this have not met
with success.

Thanks,
Steve


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Get properties from the struts-config.xml with Struts 1.1 Beta

[Ditlinger, Steve]

Under Struts 1.1, you now specify the mapping as an attribute of the
 element in the struts-config.xml file as seen here in this
snippet from the DTD:

--





-

hth,
Steve


-Original Message-
From: Falkmar Bodo Hinueber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 5:16 AM
To: [EMAIL PROTECTED]
Subject: Get properties from the struts-config.xml with Struts 1.1 Beta


Hi,
I've a problem with Struts 1.1 Beta, to read properties, which are set 
in the struts-config.xml
This code works with an old version from Struts but not with Struts 1.1 
Beta.
Can anybody help me?

Here are the sources:

The web.xml :

...
 
action
org.apache.struts.action.ActionServlet


  mapping
  test.myMapping

...

...


The struts-config.xml:


...
   

  
  

  


...



The myMapping.java:

package test.myMapping;
import org.apache.struts.action.ActionMapping;

public class myMapping extends ActionMapping {

protected String myProperty;

public void setMyProperty(String myProperty) {
this.myProperty = myProperty;
}

public String getMyProperty() {
return myProperty;
}
}


The testAction.java:


public final class testAction extends Action {

   public ActionForward execute(ActionMapping mapping,
 ActionForm form,
 HttpServletRequest request,
 HttpServletResponse response)
throws IOException, ServletException {
String myProperty=null;


if (mapping instanceof myMapping)   // this doesn't work with struts 
1.1   what is the cause ?
{
//cast the mapping class into our custom
//mapping class
myMapping mp = (myMapping) mapping;

myProperty=mp.getMyProperty();

}

...


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: RE: Big Problem Dealing with SSL!! (Using S. Ditlinger's ext.)

[Ditlinger, Steve]

Good!

I don't think there is any way of eliminating the pop-up message (except by
the browser user disabling it) since you are in fact redirecting from a
secure to a non-secure page.

We have been thinking of changing the extension so that the "secure"
property has 3 possible values: SECURE (for https), NON-SECURE (for http)
and WHATEVER (to accept either protocol).  Using the WHATEVER value would
help cut down on those message dialogs.  Do you think this would be
worthwhile?

Steve

-Original Message-
From: jorisumu [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 11:57 AM
To: Ditlinger Steve
Subject: Re: RE: Big Problem Dealing with SSL!! (Using S. Ditlinger's
ext.)


Well it worked! :-D

After adding the redirect="true" attribute to the forward definition 
the login are not present anymore in the transmition. But I still get 
the pop-up message though. I guess I can live with this for now.

Thanks a lot!

Jorge

- Mensaje original -
De: "Ditlinger, Steve" <[EMAIL PROTECTED]>
Fecha: Lunes, Marzo 18, 2002 1:18 pm
Asunto: RE: Big Problem Dealing with SSL!! (Using S. Ditlinger's ext.)

> If you change the forward definition to this:
> 
> .
>  ...
> 
> you should eliminate the presence of the logon parameters in the query
> string.
> 
> The extension we wrote redirects a page using the correct protocol (if
> necessary).  One of the consequences of a redirect is the loss of 
> postedparameters.  For this reason, in our extension, we put 
> posted parameters
> into the query string.  This can be annoying in many cases and 
> just bad in
> other cases such as for login parameters (like yours).  
> 
> In your case, after you have executed logonAction, you shouldn't 
> need the
> login parameters any more, but when you forward to the non-secured 
> action,our extension will try to save them in the query string.  
> By specifying
> "redirect=true" in the forward, you will cause Struts to use 
> redirect rather
> than forward when it requests "account.do", which will clean out 
> the logon
> attributes before our extension ever has a chance to redirect 
> using the
> non-secure protocol.
> 
> hth,
> Steve
> 
> 
> -Original Message-
> From: jorisumu [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 14, 2002 4:49 PM
> To: [EMAIL PROTECTED]
> Subject: Big Problem Dealing with SSL!! (Using S. Ditlinger's ext.)
> 
> 
> Hi all!
> 
> I discover a few days ago the famous article at JavaWorld by Steve 
> Ditlinger (http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-
> ssl.html).
> 
> Then after looking at the archives of this mail-list I discovered 
> HE 
> actually made an implementation of the ideas expressed on the 
> article 
> as a struts extension (http://struts.ditlinger.com).
> 
> Well, I'm in the middle of the development of a web-app using 
> Struts. 
> So I decided to try it! Thanks Steve, is really cool!!! It gave me 
> a 
> little trouble on the beggining, but were about just config 
> issues. (I 
> trully encourage you to document the extension a little more ;-) ).
> 
> Now I have a little problem: I have this logon action defined in 
> my 
> struts-config.xml:
> 
>   type="com.factoringmarket.web.LogonAction"
>  name="logonForm"
>  scope="request"
>  input="/logon.jsp">
>
>   
> 
> That call it from my jsp this way:
> 
> 
> ...
> 
> 
> My problem comes when in the LogonAction's perform() I return a 
> forward 
> to a non-secure page that is actually defined in the struts-
> config.xml 
> file as a global forward like this: 
> .
>  ...
> 
> Then I got the pop-up message in the browser: "You are about to be 
> redirected to a connection that is not secure. The information you 
> are 
> sending to the current site might be retransmitted to a nonsecure 
> site. 
> Do you wish to continue?" So I got curious and checked the 
> transmition 
> with a protocol analizer and I can clearly see in the 
> transmition: "GE
> So I'm confused... Why's happening this? what am I doing wrog? How 
> can 
> avoid this retransmition? :-O
> 
> Thanks a lot guys!
> 
> 
> ___ 
> Consigue tu e-mail gratuito TERRA.COM.CO
> Haz click en http://www1.terra.com.co/correo
> 
> 

 ___ 
Consigue tu e-mail gratuito TERRA.COM.CO
 Haz click en http://www1.terra.com.co/correo


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Big Problem Dealing with SSL!! (Using S. Ditlinger's ext.)

[Ditlinger, Steve]

If you change the forward definition to this:

.

...

you should eliminate the presence of the logon parameters in the query
string.

The extension we wrote redirects a page using the correct protocol (if
necessary).  One of the consequences of a redirect is the loss of posted
parameters.  For this reason, in our extension, we put posted parameters
into the query string.  This can be annoying in many cases and just bad in
other cases such as for login parameters (like yours).  

In your case, after you have executed logonAction, you shouldn't need the
login parameters any more, but when you forward to the non-secured action,
our extension will try to save them in the query string.  By specifying
"redirect=true" in the forward, you will cause Struts to use redirect rather
than forward when it requests "account.do", which will clean out the logon
attributes before our extension ever has a chance to redirect using the
non-secure protocol.

hth,
Steve


-Original Message-
From: jorisumu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 4:49 PM
To: [EMAIL PROTECTED]
Subject: Big Problem Dealing with SSL!! (Using S. Ditlinger's ext.)


Hi all!

I discover a few days ago the famous article at JavaWorld by Steve 
Ditlinger (http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-
ssl.html).

Then after looking at the archives of this mail-list I discovered HE 
actually made an implementation of the ideas expressed on the article 
as a struts extension (http://struts.ditlinger.com).

Well, I'm in the middle of the development of a web-app using Struts. 
So I decided to try it! Thanks Steve, is really cool!!! It gave me a 
little trouble on the beggining, but were about just config issues. (I 
trully encourage you to document the extension a little more ;-) ).

Now I have a little problem: I have this logon action defined in my 
struts-config.xml:





That call it from my jsp this way:


...


My problem comes when in the LogonAction's perform() I return a forward 
to a non-secure page that is actually defined in the struts-config.xml 
file as a global forward like this: 
.

...

Then I got the pop-up message in the browser: "You are about to be 
redirected to a connection that is not secure. The information you are 
sending to the current site might be retransmitted to a nonsecure site. 
Do you wish to continue?" So I got curious and checked the transmition 
with a protocol analizer and I can clearly see in the 
transmition: "GET/account.do?membername=someuser&password=prettycat"

So I'm confused... Why's happening this? what am I doing wrog? How can 
avoid this retransmition? :-O

Thanks a lot guys!

 ___ 
Consigue tu e-mail gratuito TERRA.COM.CO
 Haz click en http://www1.terra.com.co/correo


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Confusion on SSL

[Ditlinger, Steve]

Not sure I completely understand your problem, but it sounds like you are
saying that the pages are rendering with the correct protocol, but that you
are still getting the non-secure dialog message.  If the page has images,
those could be the non-secure elements that the dialog is refering to.  I
think if you use the "page" attribute of the img tag rather than the "src"
attribute, you will not have this problem.

Otherwise, I think I will need more info to determine what is going on.

HTH,
Steve



-Original Message-
From: Sean Willson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 3:50 PM
To: Struts Users
Subject: Re: Confusion on SSL


Well I am doing some javascript stuff that dynamically loads a view in 
the background via Struts and then once it's loaded replaces that view 
with the current one. Both views are obtained via SSL. I construct the 
URL that is loaded using the RequestUtils library and then some post 
processing. Here is the logic I am using:

String refresh = RequestUtils.computeURL(pageContext, "dock", null, 
null, args, null, false);
// if this is a secure request we need to calculate the url fully
if (request.isSecure()) {
   refresh = request.getScheme() + "://" + request.getServerName() + ":" 
+ request.getServerPort() + refresh;
}

This works in that it constructs the right URL but when the page is 
loaded I get an dialog saying that the page contains nonsecured 
elements. Any ideas on this? Is it the javascript that is doing this or 
is it struts not using the right output stream.

Our application is configurable to just refresh or use remote scripting. 
The proceedure that is failing is the remote scripting one. If we just 
tell the view to reload and not do it in the background then it appears 
to work fine. The remote scripting version uses a hidden IFRAME to load 
the server view and then replace the current view, ususally the same 
plus or minus some data, with the new frame.

Sorry if this sounds confusing ... I can give additional detail if needed.

Sean

Ditlinger, Steve wrote:
> 
> It shouldn't take much more than what you described here.
> What are you testing that is not working? 
> 
> i.e. Is it a problem with the SSL port?  Are you trying to block access
via
> HTTP


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Confusion on SSL

[Ditlinger, Steve]

It shouldn't take much more than what you described here.
What are you testing that is not working?  

i.e. Is it a problem with the SSL port?  Are you trying to block access via
HTTP?


-Original Message-
From: Sean Willson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 12:50 PM
To: Struts Users
Subject: Confusion on SSL


I have been reading this list for a while but I have a few questions 
about SSL and Struts. I know a few threads have been going on recently 
about a SSL library you can use on top of Struts to enable certain 
actions within your application to be secure. But I was under the 
impression that if you wanted all pages within you web application to be 
secure it was as simple as connecting to the inital pages with https 
after configuring your container to use a cert. Apparetly I was dead 
wrong. Is there something I am missing here to make this easy or are we 
going to have to redevelop all of our pages to use yet another 
taglibrary to enable SSL?

Sorry if this was rehashed in other threads, I honestly did do a search 
and thought I understood this only to find I was wrong when I tested it. 
Any help would be appreciated.

Sean


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: "parameter" attribute in the action-mapping... what is it?

[Ditlinger, Steve]

The SSL extension from my JavaWorld article of Feb 15 uses the "action"
tag's "parameter" attribute.  That has since been modified so that the
version available at http://struts.ditlinger.com uses the "set-property"
tag.  This was done to avoid the exact limitation you are finding with the
"parameter" attribute.

Cheers,
Steve

-Original Message-
From: Ted Husted [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 12:43 PM
To: Struts Users Mailing List
Subject: Re: "parameter" attribute in the action-mapping... what is it?


You can use a deliminated list of items, and then use the String
tokenizer to pull them out. 

StringTokenizer helperClasses =
new StringTokenizer(mapping.getParameter(),";");
int i = -1;
Object[] helpers = new Object[helperClasses.countTokens()];
while (helperClasses.hasMoreTokens()) {
String helperClass = helperClasses.nextToken().trim();
if ((helperClass==null) || (helperClass.length()==0))
continue;
// ...
}

You can also extend ActionMappings and use the digester 
feature to set your own properties. Matt Raible does this with his
workflow extension. 

http://www.livinglogic.de/Struts/

After that, you're into modifying how the ActionServlet parses the
config.

-- Ted Husted, Husted dot Com, Fairport NY US
-- Developing Java Web Applications with Struts
-- Tel: +1 585 737-3463
-- Web: http://husted.com/about/services


Steve Earl wrote:
> 
> Does anyone know if you can specify more than a single parameter on the
> actionMapping definition within the struts-config.xml file?
> 
> The reason for the question is that I'd like to do something similar to
> what's specified below - have an action which processes several related
> tasks using a parameter to distinguish them. However, I'm also using Steve
> Ditlinger's ssl tag extension and that requires a parameter on the
> actionMapping of "secure".
> 
> All advice appreciated.
> 
> regards,
> steve
> 
> __
> Steve Earl
> 
> -Original Message-
> From: Donald Miller [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 05, 2002 3:33 PM
> To: Struts Users Mailing List
> Subject: Re: "parameter" attribute in the action-mapping... what is it?
> 
> It's a general purpose attribute you can use to pass any desired
> information into the action from the struts-config.xml file.  You can
> access the parameter's value within the action class via the
> mapping.getParameter() method.  For actions requiring multiple steps, the
> parameter is often used to indicate which step the mapping is associated
> with.  For example:
> 
> type="myactions.CreateSomethingAction"
>...
>parameter="step1">...
> 
> type="myactions.CreateSomethingAction"
>...
>parameter="step2">...
> 
> type="myactions.CreateSomethingAction"
>...
>parameter="complete">...
> 
> I hope this helps.  Take care.
> 
> Don
> 
> --
> To unsubscribe, e-mail:
> 
> For additional commands, e-mail:
> 
> 
> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Implement HTTP and HTTPS in a safe, flexible, and easily maintainable manner

[Ditlinger, Steve]

Yes, it is.  Can you upgrade?  If not, you should be able to write your own
utility that takes a Request and creates a HashMap instance containing any
parameters found on it.

Steve

-Original Message-
From: Michael Mok [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 24, 2002 7:25 PM
To: 'Struts Users Mailing List'
Cc: [EMAIL PROTECTED]
Subject: RE: Implement HTTP and HTTPS in a safe, flexible, and easily
maintainable manner 


Steve

I tried to compile your  SecureRequestUtils code using servlet 2.1 and the
compiler says that "aRequest.getParameterMap()" does not exist.

Is your servletUtil based on Servlet 2.3?

Regards

Michael Mok

/**
 * Creates query String from request body parameters
 */
public static String getRequestParameters( HttpServletRequest
aRequest ){
Map m = aRequest.getParameterMap();
return createQueryStringFromMap(m, "&").toString();
}

-Original Message-
From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]]
Sent: Monday, 25 February 2002 9:30
To: 'Niall Pemberton'; struts-user; struts-dev
Subject: RE: Implement HTTP and HTTPS in a safe, flexible, and easily
maintainable manner



Hey, thanks for the publicity.

We've created a Struts extension based on this article.  Find it at
http://struts.ditlinger.com.

Try it out, let us know what you think.

Steve

-Original Message-
From: Niall Pemberton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 12:24 PM
To: struts-user; struts-dev
Subject: Implement HTTP and HTTPS in a safe, flexible, and easily
maintainable manner


This gives an example of how to integrate SSL into a Web App, using Struts
as an example.


http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Implement HTTP and HTTPS in a safe, flexible, and easily maintainable manner

[Ditlinger, Steve]

Hey, thanks for the publicity.

We've created a Struts extension based on this article.  Find it at
http://struts.ditlinger.com.

Try it out, let us know what you think.

Steve

-Original Message-
From: Niall Pemberton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 12:24 PM
To: struts-user; struts-dev
Subject: Implement HTTP and HTTPS in a safe, flexible, and easily
maintainable manner 


This gives an example of how to integrate SSL into a Web App, using Struts
as an example.


http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Bug with SSL

[Ditlinger, Steve]

Yes, in this case, by specifying redirect, you are also clearing out the
posted parameters.  This is OK because you don't need them anymore after the
login action.  However since you proceed directly to another action from the
login action, there is no point where our extension intervenes to send you
to the non-secure action without our own second redirect.  (However, you
have inspired us to perhaps add this feature.) When our code does later
perform the second redirection, there are no post parameters to stick in the
query string 

Internally this posted-parameters-to-query-string process has prompted much
debate.  While we all agree that something like this is needed, we would
like to improve this feature so that we never add parameters to the query
string.  We just haven't figured out how to do it yet.

Until we add the Greg-inspired feature and/or find an alternate general
solution to the query string, you will need to continue to specify
redirect="true" in situations like this to avoid displaying posted data in
the location field.

Thanks,
Steve

-Original Message-
From: Greg Hess [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 7:01 AM
To: Struts Users Mailing List
Subject: RE: Bug with SSL


Max, Steve:

Thank you, my parameters are no longer visible. From what I can see(please
correct me if I am wrong) after the original post using SSL, the SSL process
listening to port(443) decrypts the encrypted post parameters and places
them in the request for the Servlet to process. In the scenario that I am
switching between HTTPS and HTTP in the same request I will always have to
redirect instead of forward to avoid the parameters being visible.

Greg




-Original Message-----
From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 1:14 AM
To: 'Max Cooper'; Struts Users Mailing List
Subject: RE: Bug with SSL



Max, Greg:

I successfully tried your given solution.  The posted parameters are no
longer seen in the location field.

Steve


-Original Message-
From: Max Cooper [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 4:16 PM
To: Struts Users Mailing List
Subject: Re: Bug with SSL


Greg,

Please try setting the redirect attribute of your success action forward to
true in the struts-config.xml file, like so:



I'm going to try out this scenario and report back with any additional tips
that I can think of.

-Max

- Original Message -
From: "Greg Hess" <[EMAIL PROTECTED]>
To: "Struts Mail List" <[EMAIL PROTECTED]>
Sent: Friday, February 15, 2002 11:34 AM
Subject: Bug with SSL


> Hi All,
>
> I am using the classes provide by http://struts.ditlinger.com/ to allow
for
> switching between Http and Https calls in my Struts application. I have
> installed SSL and is working fine under a test certificate. I am using the
> the extended 
> ,  and the secure property in my Action definitions. I would
> like my main logonForm to be submitted using SSL and after the username
and
> password are received on the server using SSL to switch back to http. What
> happens is that the secure data posted by logon.jsp is visible in the
> location
>
http://localhost/emailssl-struts/mainPage.do?password=hess&submit=Submit&use
> rname=ghess. I have tried having the LogonAction setRedirect(true) on the
> ActionForward returned but with no success. Unfortunately this is making
my
> secure data visible, how can I fix this bug.
>
> 
>  path="/mainPage"
> type="org.apache.struts.actions.ForwardAction"
> parameter="/maintemplate.jsp">
> 
> 
>
> 
>  path="/logon"
>type="com.wrappedapps.email.LogonAction"
>name="logonForm"
>   scope="request"
>   validate="true"
>   input="/logon.jsp">
>   
>   
> 
>
> Thanks,
> Greg
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Bug with SSL

[Ditlinger, Steve]

Max, Greg:

I successfully tried your given solution.  The posted parameters are no
longer seen in the location field.

Steve


-Original Message-
From: Max Cooper [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 15, 2002 4:16 PM
To: Struts Users Mailing List
Subject: Re: Bug with SSL


Greg,

Please try setting the redirect attribute of your success action forward to
true in the struts-config.xml file, like so:



I'm going to try out this scenario and report back with any additional tips
that I can think of.

-Max

- Original Message -
From: "Greg Hess" <[EMAIL PROTECTED]>
To: "Struts Mail List" <[EMAIL PROTECTED]>
Sent: Friday, February 15, 2002 11:34 AM
Subject: Bug with SSL


> Hi All,
>
> I am using the classes provide by http://struts.ditlinger.com/ to allow
for
> switching between Http and Https calls in my Struts application. I have
> installed SSL and is working fine under a test certificate. I am using the
> the extended 
> ,  and the secure property in my Action definitions. I would
> like my main logonForm to be submitted using SSL and after the username
and
> password are received on the server using SSL to switch back to http. What
> happens is that the secure data posted by logon.jsp is visible in the
> location
>
http://localhost/emailssl-struts/mainPage.do?password=hess&submit=Submit&use
> rname=ghess. I have tried having the LogonAction setRedirect(true) on the
> ActionForward returned but with no success. Unfortunately this is making
my
> secure data visible, how can I fix this bug.
>
> 
>  path="/mainPage"
> type="org.apache.struts.actions.ForwardAction"
> parameter="/maintemplate.jsp">
> 
> 
>
> 
>  path="/logon"
>type="com.wrappedapps.email.LogonAction"
>name="logonForm"
>   scope="request"
>   validate="true"
>   input="/logon.jsp">
>   
>   
> 
>
> Thanks,
> Greg
>
>
> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:

>
>


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Implementing HTTPS in Struts

[Ditlinger, Steve]

Rob:

Yes that is they way we have used it.  People seem to like to see that
little lock display on the browser frame when they are entering "secret"
data, even though that does not specify how the data will actually be
posted.  We will be working on the FormTag to make the same changes we did
for the LinkTag soon.  When we do, we will repost our jar file.

Thanks for the feedback,
Steve

-Original Message-
From: Robert Scaduto [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 6:50 AM
To: Struts Users Mailing List
Subject: RE: Implementing HTTPS in Struts


Thanks, Max,

In the mean time as a work around I will just mark the action called before
any secure data is posted is also secure, ensuring that the data is sent
encrypted.

Thanks Again,

Rob

-Original Message-
From: Max Cooper [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 7:04 PM
To: Struts Users Mailing List
Subject: Re: Implementing HTTPS in Struts


Rob,

You are absolutely correct that that is an issue. Our proposed solution for
it is to modify (or extend until this functionality is integrated into
Struts) the Struts form tag as you suggest, so that it will compute the
right URL, which may be an absolute https URL if the target action is
secure.

The primary mechanism for doing the HTTP/HTTPS switching is the extended
tags that compute the proper URL. The redirecting stuff is secondary and
only there in the case that someone makes an errant request (by typing the
URL, bad bookmark, etc.).

-Max

- Original Message -
From: "Robert Scaduto" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, February 05, 2002 2:22 PM
Subject: RE: Implementing HTTPS in Struts


> Steve,
>
> Thank you for your response.  I have taken a look at your https framework
> and I it looks great. I do have one concern though.
>
> In looking through the code I noticed that if a non-secure request comes
in
> to a action marked as secure, the framework will persist the request
> attributes in the session and tell the browser to re-direct using https.
> However this allows the parameters in the form or querystring to go across
> the network un-encrypted before the framework can perform the redirect.
>
> My thought was that the same SecureRequestUtils.computeURL() function
should
> also be used by the form tag to determine, before the form is rendered,
that
> the post should be transmitted via https.  This would require subclassing
> the struts FormTag as well.
>
> Am I totally off base here?
>
> -Rob
>
> -Original Message-
> From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 01, 2002 7:30 PM
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Implementing HTTPS in Struts
>
>
>
> Robert:
>
> We recently posted just such a solution.  Check it out at
> http://struts.ditlinger.com.  There you will find a description of our
> solution and a link to download our Struts extensions and example app.  If
> you have any questions, please do not hesitate to ask.
>
> Steve
>
>
> >You wrote:
> ---
> Hello all, my name is Rob Scaduto and I have just recently joined the
Struts
> user mailing list. I have yet to find any resources talking about how to
> handle switching between http and https (and vice versa) using struts. The
> only solution I was able to come up with was sub classing the Struts
LinkTag
> and adding a secure attribute. This would then dynamically build an
absolute
> path based on the jsp. This works great when you use the forward or page
> attribute, but doesn't work at all if you use the href attribute. I'd like
> to have a solution that works in all cases and I was curious if someone
> could add some insight. Thanks in advance, Rob
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Implementing HTTPS in Struts

[Ditlinger, Steve]

Hmmm. I just tried it again to be sure and it worked.  
Maybe it is just slow.

Try this one, maybe you can reach it better.

http://us.f1.yahoofs.com/users/aee2731f/bc/public/Struts+Security+Extension.
jar?bcB4.X8AlFd_32Ts


HTH,

Steve

-Original Message-
From: Rob Breeds [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 4:07 AM
To: Struts Users Mailing List
Subject: Re: Implementing HTTPS in Struts



Steve

This link fails to load a complete page for me, and doesn't include a link!
Perhaps it's just me?

Rob




 

    "Ditlinger,

    Steve"   To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>,  
  
uilt.com>cc: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]> 
 Subject: Re: Implementing HTTPS
in Struts 
02/02/2002

00:30

Please respond

to "Struts

Users Mailing

List"

 

 






Robert:

We recently posted just such a solution.  Check it out at
http://struts.ditlinger.com.  There you will find a description of our
solution and a link to download our Struts extensions and example app.  If
you have any questions, please do not hesitate to ask.

Steve


>You wrote:
---
Hello all, my name is Rob Scaduto and I have just recently joined the
Struts
user mailing list. I have yet to find any resources talking about how to
handle switching between http and https (and vice versa) using struts. The
only solution I was able to come up with was sub classing the Struts
LinkTag
and adding a secure attribute. This would then dynamically build an
absolute
path based on the jsp. This works great when you use the forward or page
attribute, but doesn't work at all if you use the href attribute. I'd like
to have a solution that works in all cases and I was curious if someone
could add some insight. Thanks in advance, Rob


--
To unsubscribe, e-mail:   <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Implementing HTTPS in Struts

[Ditlinger, Steve]

Robert:

We recently posted just such a solution.  Check it out at
http://struts.ditlinger.com.  There you will find a description of our
solution and a link to download our Struts extensions and example app.  If
you have any questions, please do not hesitate to ask.

Steve


>You wrote:
---
Hello all, my name is Rob Scaduto and I have just recently joined the Struts
user mailing list. I have yet to find any resources talking about how to
handle switching between http and https (and vice versa) using struts. The
only solution I was able to come up with was sub classing the Struts LinkTag
and adding a secure attribute. This would then dynamically build an absolute
path based on the jsp. This works great when you use the forward or page
attribute, but doesn't work at all if you use the href attribute. I'd like
to have a solution that works in all cases and I was curious if someone
could add some insight. Thanks in advance, Rob 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Proposed solution for HTTP vs. HTTPS

[Ditlinger, Steve]

All:

Thanks to those of you who have tried our solution and given us your
feedback.  We are heartened to hear that you plan to make good use of it.
Of course, those of you who pointed out that we included the wrong
index.html file are right.  We have corrected that error and have reposted
the jar file at the URLs given below.

Thanks for your help,

Steve 

>Common custom or not, I was deluged with messages from mail servers around
the world that the attachment would be removed. So, we have now made the
source code and sample app (sans the jsse jars) available at
 and

For additional commands, e-mail: 

Re: Proposed solution for HTTP vs. HTTPS

[Ditlinger, Steve]

The line in question contains a call to request.getParameterMap(), a method
new to Servlet Spec 2.3..  I guess I should state that you'll need Tomcat
4.0 (or other J2EE 1.3-compliant container) and/or the latest j2ee jar.
Thanks,
Steve


>Has anyone successfully deployed the example app? I get an error when
running it: java.lang.NoSuchMethodError at
org.apache.struts.util.SecureRequestUtils.getRequestParameters(D:/CvsProject
s/StrutsExtTry/src/org/apache/struts/util/SecureRequestUtils.java:243) 


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Proposed solution for HTTP vs. HTTPS

[Ditlinger, Steve]

Common custom or not, I was deluged with messages from mail servers around
the world that the attachment would be removed.  So, we have now made the
source code and sample app (sans the jsse jars) available at
http://struts.ditlinger.com and
http://us.f1.yahoofs.com/users/aee2731f/bc/public/Security+Extension+To+Stru
ts.jar?bcnjho8Ao43PhqrL.  

Please try it out and let us know what you think.

Steve Ditlinger
Sr. Software Engineer
eBuilt, Inc.
Irvine, CA

-Original Message-
From: Tom Klaasen (TeleRelay) [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 25, 2002 1:03 AM
To: Struts Users Mailing List
Subject: RE: Proposed solution for HTTP vs. HTTPS


Zipping up text files is a pretty common custom on jakarta lists...

tomK


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
> Sent: vrijdag 25 januari 2002 9:57
> To: [EMAIL PROTECTED]
> Subject: RE: Proposed solution for HTTP vs. HTTPS
> 
> 
> Please don't send binary files to the list. It gets me into 
> lots of trouble
> with our mail gateway people
> 
> > -----Original Message-
> > From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]]
> > Sent: 24 January 2002 17:34
> > To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: RE: Proposed solution for HTTP vs. HTTPS
> > 
> > 
> > 
> > 
> > >   Struts-folk:
> > > 
> > >   Please see the attached file as a demonstration of our
> > > proposed extensions for Struts.  
> > > 
> > >   In the course of our work, we have had numerous projects
> > > where it was necessary to switch between using the http & 
> > https protocols
> > > on a page by page basis.  We had a solution which we used 
> > in a traditional
> > > MVC framework with servlets and JSP. We have since switched 
> > over to using
> > > Struts in all of our projects.  Reworking our solution 
> > within Struts has
> > > improved our solution dramatically.
> > > 
> > >   We had noticed that other Struts users had been 
> > asking about
> > > enabling this type of protocol switching.  We thought that 
> > you might find
> > > enough value in what we have done to include our solution 
> > as an extension
> > > to Struts.
> > > 
> > >   The following describes what we have done:
> > > 
> > >   We added a "secure" property to the action tag in the
> > > struts-config.xml file.  A value of true for this property 
> > will specify
> > > that the request to the action should be transmitted via 
> > SSL (https).  We
> > > defined a class SecureActionMapping that extends the 
> > ActionMapping class
> > > and includes the new "secure" property.
> > > 
> > >   We added two more initialization parameters for
> > > SecureActionServlet (our extension to ActionServlet).  
> > These parameters,
> > > http-port and https-port, specify the ports being used by the web
> > > application for http and https protocols.  These default to 
> > 80 & 443,
> > > respectively.  
> > > 
> > >   We added code to SecureActionServlet which will 
> > redirect the
> > > action if the protocol in the request (http or https) for 
> > some reason does
> > > not match that specified by the value of the "secure" 
> property.  The
> > > redirect URL will include the correct protocol and port 
> > number.   One
> > > possible reason for the protocols not matching would be the 
> > manual entry
> > > of a URL into a browser client with the wrong protocol specified.
> > > 
> > >   We created SecureLinkTag as an extension to LinkTag to
> > > prevent unncessary round trips and provide greater 
> security to data
> > > transmission.  The added capability to this tag is that it 
> > checks the
> > > action mappings for the "secure" property of actions that 
> > are specified in
> > > the link.  If the secure property is true and the current page was
> > > transmitted using http, the SecureLinkTag creates a link 
> > specifying the
> > > https protocol and https port for the web application.  
> > Similarly, for
> > > pages transmitted using https that have http links, the 
> > http protocol and
> > > port will be generated by the link tag.  If the protocol 
> > for the current
> > > page matches that of the link specified, a relative link is 
> > created in th

RE: Proposed solution for HTTP vs. HTTPS

[Ditlinger, Steve]

>   Struts-folk:
> 
>   Please see the attached file as a demonstration of our
> proposed extensions for Struts.  
> 
>   In the course of our work, we have had numerous projects
> where it was necessary to switch between using the http & https protocols
> on a page by page basis.  We had a solution which we used in a traditional
> MVC framework with servlets and JSP. We have since switched over to using
> Struts in all of our projects.  Reworking our solution within Struts has
> improved our solution dramatically.
> 
>   We had noticed that other Struts users had been asking about
> enabling this type of protocol switching.  We thought that you might find
> enough value in what we have done to include our solution as an extension
> to Struts.
> 
>   The following describes what we have done:
> 
>   We added a "secure" property to the action tag in the
> struts-config.xml file.  A value of true for this property will specify
> that the request to the action should be transmitted via SSL (https).  We
> defined a class SecureActionMapping that extends the ActionMapping class
> and includes the new "secure" property.
> 
>   We added two more initialization parameters for
> SecureActionServlet (our extension to ActionServlet).  These parameters,
> http-port and https-port, specify the ports being used by the web
> application for http and https protocols.  These default to 80 & 443,
> respectively.  
> 
>   We added code to SecureActionServlet which will redirect the
> action if the protocol in the request (http or https) for some reason does
> not match that specified by the value of the "secure" property.  The
> redirect URL will include the correct protocol and port number.   One
> possible reason for the protocols not matching would be the manual entry
> of a URL into a browser client with the wrong protocol specified.
> 
>   We created SecureLinkTag as an extension to LinkTag to
> prevent unncessary round trips and provide greater security to data
> transmission.  The added capability to this tag is that it checks the
> action mappings for the "secure" property of actions that are specified in
> the link.  If the secure property is true and the current page was
> transmitted using http, the SecureLinkTag creates a link specifying the
> https protocol and https port for the web application.  Similarly, for
> pages transmitted using https that have http links, the http protocol and
> port will be generated by the link tag.  If the protocol for the current
> page matches that of the link specified, a relative link is created in the
> page.   For good measure, we also added a SecureWriteTag.  The FormTag
> should also be changed in the same way.  Other tags which could have
> similar changes change are ImageTag and ImgTag.
> 
>   We created a new tag which we call PageSchemeTag.  This
> allows developers to specify transmission protocol at the page level.
> While good design would seem to require switching protocols only at the
> action level, this tag comes in handy for pages like the login page,
> especially using container managed security.  As with the actions, this
> tag will cause a redirect if the request protocol does not match the
> protocol specified by the secure attribute.
> 
>   We also added a bunch of utility methods in our
> SecureRequestUtils class that is an extension of the RequestUtils class.
> 
>   Also included is a small demo application of the extensions
> we have made for use with Tomcat :
>   NullAction is the action class that is used in the
> definition of all four actions in the struts-config.xml file.  It places a
> string in the request to be forwarded and displayed in a JSP.  The four
> actions are:
>   true - an action with the "secure" attribute set to TRUE
> which forwards to true.jsp, a page which does not specify a security
> parameter.
>   false- an action with the "secure" attribute set to FALSE
> which forwards to false.jsp, a page which does not specify a security
> parameter.
>   truetag - an action with the "secure" attribute set to FALSE
> which forwards to truetag.jsp, a page which includes the pageScheme tag to
> specify a "secure" attribute of TRUE. 
>   falsetag - an action with the "secure" attribute set to TRUE
> which forwards to falsetag.jsp,  a page which includes the pageScheme tag
> to specify a "secure" attribute of FALSE. 
> 
>   Each JSP includes links to the 3 other actions.  The
> SecureLinkTag is used to create these links.  Note that the URL generated
> for each of these links will include any change of protocol and port that
> is required.  
> 
>   We offer this to developers as an extension to Struts, but
> think that ideally our solution would be incorporated into ActionServlet,
> ActionMapping, LinkTag, etc.  
> 
>