Please respond to [EMAIL PROTECTED] if possible due to problems with my ATT Cable Internet. Thanks..
I am trying to get my struts webapp to transition in/out of https for sending sensitive info. I want to be in https only when needed and in http the rest of the time. I have seen many web sites do this (hotmail for one). So after reading all kinds of struts faq's, maillist archives, etc, I have created a routine which dynamically constructs a url and creates an ActionForward (with redirect=true). The code follows below. It is base on some other code found in the mail archives. I am running tomcat 3.2.3 in its default configuration. So http is on port 8080 and I place the https connector on port 8443. All seems ok when tomcat starts up. So my application starts out in http presenting its index page. When the user presses our logon link, the servicing struts action gets the configured success forward and passes it to the function below and returns the result to struts. When I do this, all session info is lost. I can tell that a new session is created because the value of the JSESSIONID cookie changes. So the path starts out something like http://mutantcow:8080/webapp/index.jsp. Then the path gets changed to something like https://mutantcow:8443/webapp/displayLogin.jsp. I have noted that when running tomcat on "default" ports (80 & 443), all runs perfectly. But this is a pain as my Linux box only allows this if the webapp is run by root (which I usually am not). It appears from what I have read that struts should handle this sort of thing. I am not sure if it is a struts issue of a more general problem. Any help is appreciated. Thanks, David import org.apache.struts.action.*; import javax.servlet.http.*; import org.apache.log4j.*; /** * Class ActionUtils * * * @author David P. White * @version %I%, %G% * */ public class ActionUtils { private ActionUtils() { } /** * Function to "toggle" between HTTP and HTTPS. Based in part on code written * by Michael Mok ([EMAIL PROTECTED]) and found in the struts mail archive at * http://www.mail-archive.com/struts-user@jakarta.apache.org/msg16488.html. * this only works if you are using the ports defined above. * * @param forward The action to which we ultimately wish to forward. * @param request The current request. * @param secureRequired How to translate - true yields HTTPS, false yields HTTP. * * @return A translated action that forwards to the original location but * does so in the requested mode. */ public static ActionForward translateToFromHttps(ActionForward forward, HttpServletRequest request, boolean secureRequired) { String path = forward.getPath(); Logger.trace(s_cat, "forward path: " + path); String contextPath = request.getContextPath(); contextPath = (contextPath.equals("/")) ? "" : contextPath; Logger.trace(s_cat, "context path: " + contextPath); String serverPort = Integer.toString(request.getServerPort()); Logger.trace(s_cat, "server port: " + serverPort); StringBuffer newUrl = new StringBuffer(); if (secureRequired) { // if sending to a secure server newUrl.append("https://"); serverPort = ":8443"; } else { newUrl.append("http://"); serverPort = ":8080"; } newUrl.append(request.getServerName()); newUrl.append(serverPort); newUrl.append(request.getContextPath()); newUrl.append(path); // note that the following action forward is a redirection ActionForward actionForward = new ActionForward(newUrl.toString(), true); return actionForward; } } _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>