What I'm trying to do is to check on my form-login page (which everyone will enter the application through) if they are using http, and if so, switch them to https.
I can do this with the following javascript - I was just wondering if there is anyway in the web.xml or other files that you can specify "only allow https"? <script language="Javascript" type="text/javascript"> var loc = document.location.toString(); var index = loc.indexOf(":"); var url = loc.substring(index,loc.length); if (index == "4") { secureUrl = "https" + url; location.replace(secureUrl); // get rid of current page in history location.href = secureUrl; } </script> Thanks, Matt --- Michael Mok <[EMAIL PROTECTED]> wrote: > Hi Matt > > Here is the code I have written to redirect connection from HTTP to HTTPS > and vice versa > > /* > * > * > * Function to perform HTTP and HTTPS redirection > * Author : Michael Mok ([EMAIL PROTECTED]) > * Version : 1.0 > * > * > */ > > public static String getURL(org.apache.struts.action.ActionForward > forward, javax.servlet.http.HttpServletRequest > request, boolean secure) > { > String path = forward.getPath(); > String contextPath = > request.getContextPath().equals("/")?"":request.getContextPath(); > String serverPort = Integer.toString(request.getServerPort()); > StringBuffer url = new StringBuffer(); > if (secure) { //user has requested to secure the server > url.append("https://"); > serverPort = ( serverPort.equals("80")?"":":"+serverPort); > } else { > url.append("http://"); > serverPort = ( serverPort.equals("443")?"":":"+serverPort); > } > url.append(request.getServerName()); > //this only work if you are using the default port 80 and port 443 > as secure connection > url.append(serverPort); > url.append(request.getContextPath()); > url.append(path); > return url.toString(); > } > > -----Original Message----- > From: Matt Raible [mailto:[EMAIL PROTECTED]] > Sent: Friday, 5 October 2001 4:48 > To: [EMAIL PROTECTED] > Subject: https and struts - forcing an https connection > > > Does anyone know if it's possible in xml configuration files (or my jsp > using > tag libraries) to make my application only accessible via an https > connection? > > I know I can use javascript on my form-login page to do a redirection, but > I'm > hoping there's a cleaner way. > > Thanks, > > Matt > > > __________________________________________________ > Do You Yahoo!? > NEW from Yahoo! GeoCities - quick and easy web site hosting, just > $8.95/month. > http://geocities.yahoo.com/ps/info1 > __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1