Rick: You are not the first to ask for a "secure" attribute on the link tag. This would be most useful for links to outside resources, like yours. Currently, the best answer would be to use the regular struts <html:link> tag for those links, instead of the <sslext:link> tag -or- perhaps the <sslext:pageScheme> tag is what you want to use. Place at the top of your page like so: <sslext:pageScheme secure="false" />.
As for specifying a forward to be secure or non-secure: changing the protocol requires a redirect, so every forward where the protocol changes would require a redirect, which would be OK assuming the developer recognizes that going in. I think you can accomplish the same thing right now by using the <sslext:pageScheme> tag. Anyway, please let me knoe of anymore issues, suggestions, etc you have. Steve > -----Original Message----- > From: Rick Mann [mailto:rmann@;latencyzero.com] > Sent: Monday, November 04, 2002 8:19 PM > To: Struts Users Mailing List > Subject: Using SecureLinkTag with non-actions > > > Hi. I recently added the SSL Ext stuff to Struts 1.1b2, and > it mostly works, > except for the SecureLinkTag. > > I have a .jsp that is not required to be secure. The typical > user, however, > will get to this page as a result of logging in (an HTTP > post), and so the > page will be "secure". > > I have several links on this page, none of which need to be > secure (that is, > I'd like for them to be "http://..."; links). Using the > SecureLinkTag, I get > this for links that reference an action, but for links that reference > another .jsp or .html page, it uses the same scheme as the > referring page. > > How can I tell ssl-ext that a page or forward is not secure? > Is this even > possible? If not, a poor workaround would be to add a > "secure" property to > the tag... > > TIA > > -- > Rick > > -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>
