Hi Tony, Thanks for the reply. I use an interceptor to check the HttpServletRequest's isSecure() method in order to determine it if is secure or not. I've never used the HttpServletResponse object and I'm not sure how to redirect to the same address but with https. The redirecting won't be to only one page, but will depend on the request. All of the pages in my web app are controlled by actions, so there's no data being sent from one page to another without the original page being intercepted to check for ssl usage. Please let me know how to use HttpServletResponse for redirecting.
Thanks, Session > It may be an ugly hack, but it has worked for some of my actions. If you > return null instead of the action name to be invocated, you can use a > response object to send information directly to the user. The > HttpServletRequest object has method isSecure() which you can use to > determine whether the request is secure or not. If it's not use the > HttpServletResponse object to redirect the user to the secure location. > > The other approach is to make a plain simple filter to do this, since you > probably won't need any of the Struts features for this kind of task. > > But this shouldn't be used for anything but simple front page redirects. > If the user sends a non-SSL request then he has already sent all the > information unprotected across the internet, and just redirecting him to > an SSL-protected page doesn't really help in securing the application. > > On 7/10/07, Session A Mwamufiya <[EMAIL PROTECTED]> wrote: >> >> Hi All, >> >> I've installed SSL on my JBoss container (it works) and have created an >> interceptor that checks that the requests to my web app are secure >> (using https). I would like to redirect all non-secure requests to use >> ssl and have https in the address. How can this be done? I'm not sure >> how to tweak the request object or the action invocation to make this >> happen. >> >> Thanks, Session >> >> >> --------------------------------------------------------------------- To >> unsubscribe, e-mail: [EMAIL PROTECTED] For additional >> commands, e-mail: [EMAIL PROTECTED] >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
