Hi Brian,
I don't use the sslext form tags. I don't mention sslext anywhere in my code or my JSP. It's purely a configuration thing.
Are you setting up the SecurePlugin in struts-config?
Also are sure that you are not specifying in the web.xml that the page should be protected by SSL?
Do you have the latest version of sslext? They brought out 1.10-3 recently.
Are you sure there are no exceptions buried in your logs anywhere?
I don't follow your hotmail example either. Are you talking about container-managed logins or roll-your-own?
Adam
On 10/20/2003 12:41 PM Brian McSweeney wrote:
It still isn't switching back to http for other actions when I specify
<set-property property="secure" value="false"/>
Perhaps I have to replace all <html:form tags with
<sslext:form tags even when
<set-property property="secure" value="false"/>
At any rate, it doesn't seem to work the way I thought it would.
For example, if you log into hotmail, it sends the username and password over ssl, and then switches back to http for the resulting pages. This it would seem is impossible to do with sslext because in order to switch back to http, you must call another action which has:
<set-property property="secure" value="false"/>
Correct me if I'm wrong with any of this.
Thanks for all the help, Brian
-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 18 October 2003 09:29
To: Struts Users Mailing List
Subject: Re: Help setting up sslext
The only time the protocol switches automatically (read: tomcat switches
it automatically) is when you specify SSL in the web.xml for a URL.
To get it to switch back from SSL into unencrypted, putting
<set-property property="secure" value="false"/>
in the action mapping is necessary.
HTH Adam
On 10/17/2003 04:53 PM Brian McSweeney wrote:
<param-value>org.apache.struts.action.SecureActionMapping</param-value>I've put in the change in the action-mappings in the struts-config.xml file
<action-mappings type="org.apache.struts.config.SecureActionConfig">
but the problem is, ssl doesn't seem to be switching at all. The action runs in https when I say it should, but all other actions then continue to run in https. I was under the impression that they'd switch back to normal http. Is this not correct?
-----Original Message----- From: Adam Hardy On 10/16/2003 05:13 PM Brian McSweeney wrote:
a) Change the action-mappings in the struts-config.xml file <action-mappings
type="org.apache.struts.config.SecureActionConfig">
b) Change the web.xml file as follows: <servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<!-- Struts Config --> <init-param> <param-name>config</param-name> <param-value>/WEB-INF/struts-config.xml</param-value> </init-param>
<init-param> <param-name>mapping</param-name>
</init-param>
could someone tell me if either of these steps are necessary, or what else is necessary?
Hi Brian, your (a) is definitely necessary to enable this:
<action path="/staticjavascriptssl" forward="/WEB-INF/general/staticjavascript.jsp"> <set-property
property="secure" value="true"/> </action>
I have not used, or heard of before, your (b). Perhaps it has the same effect as (a).
-- -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
