We're trying to separate the pages in our app into secure and non-secure.
As part of that, we would like to have situations like the login page, the
one that displays the form for getting your username and password, to be in
the non-secure section and the Action that receives the submit from the
login form to be in the secure section. But the <html:form> tag won't let
us do that because it would mean something like this:
<html:form action="https://secure.site.domain/handleLogin.od";>
or some such URL. <html:form> appears to expect/require an Action (defined
in your local struts-config.xml file) to be the value of the "action="
attribute.
Why is this required, that is, while it is nice for <html:form> to attempt
to help out when setting up the "action=" of the <form> tag it generates,
why won't it also allow any old URL?
Of course, I could just use my own <form> tag with the correct "action=" to
POST to the secure Action, but I think that means I can't use the rest of
the <html:*> tags, like <html:text>, right?
Is this just a limitation of struts that should/will be addressed? Or are
we trying to do something that we shouldn't try to do? For example, we
could, of course, put both the page to display the form and the Action to
accept it on the same, secure server, but that wasn't the way we wanted to
design things. Are we trying to design it in a bad way, or is struts
unnecessarily limiting us?
Thanks for any info,
Scott
