Can you guide me the way how to use SSL in struts2 i am looking in to this IDE i am using is MyEclispe
and i am testing it using tomcat On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulw...@gmail.com> wrote: > Hi Shekher, > all my testing was under SSL connection. So without pragma and cache > control it's not working - sadly. > > Best greetings, > Paweł Wielgus. > > 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>: > > Hi Paweł, > > > > another way we can do this by using SSL > > as we are dealing in secure zone so using SSL for this might be a good > case. > > > > the application i have seen so far who have dealt with this back/forward > > button always using HTTPS protocol. > > > > i am also diving in to this case study and will share the results > > > > > > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote: > >> > >> one of the banking application site which i tested today > >> > >> when user get logged off from and try to hit the back button he will be > >> shown a different page > >> instead the one in the cache > >> so i am also loking in to this aspect. > >> > >> > >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote: > >>> > >>> using javascript is not a sure short solution > >>> as i tested it throughly and javascript behaviour is not consistent > >>> throught > >>> > >>> regarding setting header i did this i developed a custom interceptor > which > >>> is doing this > >>> > >>> but again its not worked as expected. > >>> i am still clueless how online banking application doing this trick > >>> > >>> i am still on R&D mode for this if find anything will share it > >>> > >>> > >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote: > >>>> > >>>> Hi Ehtesham, > >>>> it was said before on this thread that user can simply turn of > >>>> javascript whenever he wants, > >>>> thats why i was looking for more server controlled solution. But thank > >>>> You for pointing it out, You made me to add it to my blog post. > >>>> > >>>> Best greetings, > >>>> Paweł Wielgus. > >>>> > >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>: > >>>> > > >>>> > > >>>> > > >>>> > Hi, > >>>> > > >>>> > I am not that much expert I I used the following javascript code > before > >>>> in each page and it workded fine. > >>>> > > >>>> > > >>>> > <script language="JavaScript"> > >>>> > var x=window.history.length; > >>>> > if (window.history[x]!=window.location) > >>>> > { > >>>> > window.history.forward(); > >>>> > } > >>>> > </script> > >>>> > > >>>> > If it work for you I will be very happy. > >>>> > > >>>> > Thank you. > >>>> > > >>>> > -Ehtesham > >>>> > > >>>> > > >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote: > >>>> > > >>>> > From: Paweł Wielgus <poulw...@gmail.com> > >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2 > >>>> > To: "Struts Users Mailing List" <user@struts.apache.org> > >>>> > Date: Thursday, January 22, 2009, 12:34 AM > >>>> > > >>>> > Hi Shekher, > >>>> > it was very interesting subject, so i dig a little more. > >>>> > Here [1] is what i found, with some tests. > >>>> > Basicly it turns out that You should add headers in page and to > >>>> response. > >>>> > > >>>> > [1] - > >>>> > http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html > >>>> > > >>>> > Best greetings, > >>>> > Paweł Wielgus. > >>>> > > >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>: > >>>> >> Is it possible that either i should only put these header in the > >>>> logout > >>>> >> action > >>>> >> > >>>> >> where i am removing the session and den redirecting the user to > index > >>>> page > >>>> >> something like this > >>>> >> > >>>> >> HttpServletResponse response=null; > >>>> >> response=ServletActionContext.getResponse(); > >>>> >> > >>>> >> response.setHeader("Pragma", "no-cache"); > >>>> >> response.setHeader("Cache-Control", "no-cache"); > >>>> >> response.setHeader("Expires", "0"); > >>>> >> > >>>> >> or can we create a interceptor which can do this for all the > request > >>>> wheer > >>>> >> we want this feature?? > >>>> >> > >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com> > >>>> >> > >>>> >>> i tried using setting the eader values but they are not working as > >>>> expected > >>>> >>> i can even > >>>> >>> > >>>> >>> go and move back using broswer back button. > >>>> >>> > >>>> >>> if i will find anything helpfull will share with you > >>>> >>> till then hard luck > >>>> >>> :) > >>>> >>> > >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com> > >>>> >>> > >>>> >>> Hi Shekher, > >>>> >>>> what i meant is that it can be done from server side. > >>>> >>>> Check for example Your e-banking application, i did it on mine > :-). > >>>> >>>> There, when You press back button browser won't serve You cached > >>>> page > >>>> >>>> but ask server for fresh one - this is controlled with > content-cache > >>>> >>>> and pragma, but i can't be more helpfull to You here because i > >>>> haven't > >>>> >>>> done it before. > >>>> >>>> > >>>> >>>> Best greetings, > >>>> >>>> Paweł Wielgus. > >>>> >>>> > >>>> >>>> > >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>: > >>>> >>>> > Hi Paweł, > >>>> >>>> > > >>>> >>>> > thats true it only send request to server if i will refresh > the > >>>> page > >>>> >>>> and > >>>> >>>> > for that i have already custom interceptor places which is > >>>> checking the > >>>> >>>> user > >>>> >>>> > object in session in order to confirm that the request is from > >>>> >>>> authorized > >>>> >>>> > user > >>>> >>>> > > >>>> >>>> > but when i make use of back button it serve the page from the > >>>> local > >>>> >>>> > chache,so the problem is related to client side more than that > of > >>>> server > >>>> >>>> > handling > >>>> >>>> > > >>>> >>>> > still trying to find a firm solution for it > >>>> >>>> > > >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com> > >>>> >>>> > > >>>> >>>> >> Hi Shekher, > >>>> >>>> >> first try this scenario: > >>>> >>>> >> 1. logout user > >>>> >>>> >> 2. back button - check for logs if action was fired > >>>> >>>> >> 3. refresh page - check for logs if action was fired > >>>> >>>> >> Most likely only the 3. will fire action because browser will > >>>> serve > >>>> >>>> >> cached version of that page. > >>>> >>>> >> I was about to write that to deal with it You can use https > >>>> scheme, > >>>> >>>> >> but i just got it checked and it's not true. So maybe using > >>>> pragma and > >>>> >>>> >> or cache-control will do? > >>>> >>>> >> > >>>> >>>> >> Still user can disable javascript so solution with script > might > >>>> not > >>>> >>>> work. > >>>> >>>> >> If You find out anything more please let us know. > >>>> >>>> >> > >>>> >>>> >> Best greetings, > >>>> >>>> >> Paweł Wielgus. > >>>> >>>> >> > >>>> >>>> >> > >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>: > >>>> >>>> >> > You don't write if the browser back button is supposed to > be > >>>> >>>> functional > >>>> >>>> >> in > >>>> >>>> >> > your application (in many cases it is not, but YMMV). > >>>> >>>> >> > > >>>> >>>> >> > If you want to disable the browser back button, use the code > >>>> below in > >>>> >>>> all > >>>> >>>> >> > your pages: > >>>> >>>> >> > > >>>> >>>> >> > <script type="text/javascript"> > >>>> >>>> >> > history.forward(); > >>>> >>>> >> > </script> > >>>> >>>> >> > > >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the > >>>> browser > >>>> >>>> back > >>>> >>>> >> > button. > >>>> >>>> >> > > >>>> >>>> >> > Robert > >>>> >>>> >> > > >>>> >>>> >> > > >>>> >>>> >> > shekher awasthi wrote: > >>>> >>>> >> >> > >>>> >>>> >> >> Hi All, > >>>> >>>> >> >> > >>>> >>>> >> >> in the process of developing application using struts > 2.0.11, > >>>> i came > >>>> >>>> >> >> across > >>>> >>>> >> >> the problem of handling browser back/forward button. > >>>> >>>> >> >> > >>>> >>>> >> >> This problem is occurring when we will logout the user.On > >>>> Clicking > >>>> >>>> the > >>>> >>>> >> >> logout button we are currently removing the user from the > >>>> session > >>>> >>>> >> >> > >>>> >>>> >> >> and it worked fine for us. After the successful logout > process > >>>> user > >>>> >>>> will > >>>> >>>> >> >> be > >>>> >>>> >> >> redirected to the index page(which have the login field), > >>>> >>>> >> >> > >>>> >>>> >> >> but when user hits the browser back button he is getting > >>>> himself > >>>> >>>> there > >>>> >>>> >> in > >>>> >>>> >> >> the secure page even we have remove the user object from > the > >>>> session > >>>> >>>> >> >> > >>>> >>>> >> >> below is the code we are using for removing the user > >>>> >>>> >> >> > >>>> >>>> >> >> session.remove(BSConstant.USER); > >>>> >>>> >> >> > >>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are > >>>> having > >>>> >>>> two > >>>> >>>> >> >> points > >>>> >>>> >> >> > >>>> >>>> >> >> 1) Either the user is not getting removed from the > session,but > >>>> the > >>>> >>>> >> chances > >>>> >>>> >> >> are very less as for all other call after logout it is > forcing > >>>> the > >>>> >>>> user > >>>> >>>> >> to > >>>> >>>> >> >> login first. > >>>> >>>> >> >> > >>>> >>>> >> >> 2) Back button handling is not there > >>>> >>>> >> >> > >>>> >>>> >> >> my question is, Is there any way in struts2 to handle > browser > >>>> >>>> >> back/forward > >>>> >>>> >> >> button or do i need to use some other technique like > >>>> >>>> >> >> > >>>> >>>> >> >> setting response header > >>>> >>>> >> >> > >>>> >>>> >> >> any suggestion in this regard will be much appreciated. > >>>> >>>> >> >> > >>>> >>>> >> >> -s > >>>> >>>> >> >> > >>>> >>>> >> >> > >>>> >>>> >> > > >>>> >>>> >> > > >>>> >>>> >> > > >>>> --------------------------------------------------------------------- > >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> >>>> >> > For additional commands, e-mail: > user-h...@struts.apache.org > >>>> >>>> >> > > >>>> >>>> >> > > >>>> >>>> >> > >>>> >>>> >> > >>>> --------------------------------------------------------------------- > >>>> >>>> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> >>>> >> For additional commands, e-mail: user-h...@struts.apache.org > >>>> >>>> >> > >>>> >>>> >> > >>>> >>>> > > >>>> >>>> > >>>> >>>> > >>>> --------------------------------------------------------------------- > >>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org > >>>> >>>> > >>>> >>>> > >>>> >>> > >>>> >> > >>>> > > >>>> > > --------------------------------------------------------------------- > >>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> > For additional commands, e-mail: user-h...@struts.apache.org > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> For additional commands, e-mail: user-h...@struts.apache.org > >>>> > >>>> > >>> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >