Hi everibody,
it'ss the first time I'm writing to this list, I hope I'm not annoying anyone.
I'm using the ssl extension library for Struts (sslext) to switch
between encrypted and unencrypted pages in my webapp. Everything works
fine excerpt for the login page, which is handled by the servlet
authentication mechanism. Some excerpt from my config files follow:
------------ web.xml ------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected actions and pages</web-resource-name>
<description>no description</description>
<url-pattern>*.do</url-pattern>
<url-pattern>/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TestUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/WEB-INF/jsp/logon/logon.jsp</form-login-page>
<form-error-page>/WEB-INF/jsp/logon/logonError.jsp</form-error-page>
</form-login-config>
</login-config>
------------ web.xml ------------------
------------- struts-config.xml ------------
<action-mappings type="org.apache.struts.config.SecureActionConfig">
<action forward="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >
<set-property property="secure" value="true"/>
</action>
<action input="page.clientHome" name="accountForm"
path="/openClient" scope="session"
type="com.ciccio.pasticcio.web.actions.OpenClientAction"
validate="true" >
<set-property property="secure" value="false"/>
</action>
</action-mappings>
.....
<controller
processorClass="org.apache.struts.action.SecureTilesRequestProcessor"
/>
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="8080"/>
<set-property property="httpsPort" value="8443"/>
<set-property property="enable" value="true"/>
<set-property property="addSession" value="false"/>
</plug-in>
------------- struts-config.xml ------------
First I tried adding at the top of logon.jsp these lines:
<%@ taglib uri="/WEB-INF/tld/sslext.tld" prefix="sslext"%>
<sslext:pageScheme secure="true" />
but when I try to access a protected url (ie.
http://localhost:8080/testapp/openClient.do) I have an error:
'The requested resource (/testapp/WEB-INF/jsp/logon/logon.jsp) is not
available.'
So I got rid of the sslext tag and I modified the web.xml <login-config> as
<form-login-page>/logon.do</form-login-page>
Now encryption works and the logon page appears on a secure channel,
but when I push the form login button the user (while authenticated)
is not redirected to the original URL he has entered (openClient) but
remains in the login page. It seems the URL got lost by the container
because of the http -> https redirection.
I've tried with
<action include="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >
but the behaviour was not changing. I tested with IE 6.0 and Firefox 1.0.4
Can anyone help me?
TREMALNAIK
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
