What causes the framework to use the SecureRequestProcessor. Do I have to set an init-param in web.xml for the ActionServlet ?
-----Original Message----- From: Jim Kennedy [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 4:47 PM To: 'Struts Users Mailing List' Subject: RE: Trouble with SSL and struts using sslext I added this to web.xml: <security-constraint> <web-resource-collection> <web-resource-name>login page</web-resource-name> <description></description> <url-pattern>/login</url-pattern> <http-method> GET</http-method> <http-method> POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> This did not work. System hangs. Never brings up the login form. The examples I've seen don't do this. I don't think that you have to. I do know this. From the debug log I am still using the standard RequestProcessor, not the SecureRequestProcessor. I do I change this class to use the correct one for the sslext technique. -----Original Message----- From: Jim Kennedy [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 4:01 PM To: 'Struts Users Mailing List' Subject: RE: Trouble with SSL and struts using sslext I've made no changes to my web.xml. Should I define a user data constraint? I hesitated doing that because the login page is not under security. -----Original Message----- From: Jim Barrows [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 3:53 PM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: RE: Trouble with SSL and struts using sslext > -----Original Message----- > From: Jim Kennedy [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 22, 2004 12:50 PM > To: 'Struts Users Mailing List' > Subject: Trouble with SSL and struts using sslext > > > I can't seem to get any of my action to go under https. The config > seems fairly simple but I must be missing something. I want some > pages to be under SSL and others not to. > > Here is my config: > > Struts-config.xml (snippet only) Where's the web.xml? You specify it in there as well.... transport something this the tag iirc. > > <!-- ========== Action Mapping Definitions > ============================== > --> > <action-mappings > type="org.apache.struts.config.SecureActionConfig"> > > > <action path="/login" > > type="org.apache.struts.actions.ForwardAction" > > parameter="/tmpl_main.jsp?pageleft=/mainmenu.jsp&pagecente > r=/login.jsp&a > mp;pageright=/rightmenu.jsp&pagetitle=home.title.key" > > <set-property property="secure" value="true"/> > </action> > > > > Also.... > > <!-- ========== Plug Ins Configuration > ================================== > --> > <plug-in > className="org.apache.struts.validator.ValidatorPlugIn"> > <set-property property="pathnames" > value="/WEB-INF/validator-rules.xml, > > /WEB-INF/validation.xml"/> > </plug-in> > > <plug-in className="org.apache.struts.action.SecurePlugIn"> > <set-property property="httpPort" value="8080"/> > <set-property property="httpsPort" value="443"/> > <set-property property="enable" value="true"/> > <set-property property="addSession" value="true"/> > </plug-in> > > > > I have placed the sslext.jar in the lib directory. Assuming I have > the other necessary jars out there, what else is there left to do? I > am using form based auth. I am not using any of the ssl tag lib > extensions. Don't really won't to. > > > Thanks > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]