Can you guide me the way how to use SSL in struts2 i am looking in to this
IDE i am using is MyEclispe
and i am testing it using tomcat
On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulw...@gmail.com> wrote:
> Hi Shekher,
> all my testing was under SSL connection. So without pragma and cache
> control it's not working - sadly.
>
> Best greetings,
> Paweł Wielgus.
>
> 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>:
> > Hi Paweł,
> >
> > another way we can do this by using SSL
> > as we are dealing in secure zone so using SSL for this might be a good
> case.
> >
> > the application i have seen so far who have dealt with this back/forward
> > button always using HTTPS protocol.
> >
> > i am also diving in to this case study and will share the results
> >
> >
> > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>
> >> one of the banking application site which i tested today
> >>
> >> when user get logged off from and try to hit the back button he will be
> >> shown a different page
> >> instead the one in the cache
> >> so i am also loking in to this aspect.
> >>
> >>
> >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>>
> >>> using javascript is not a sure short solution
> >>> as i tested it throughly and javascript behaviour is not consistent
> >>> throught
> >>>
> >>> regarding setting header i did this i developed a custom interceptor
> which
> >>> is doing this
> >>>
> >>> but again its not worked as expected.
> >>> i am still clueless how online banking application doing this trick
> >>>
> >>> i am still on R&D mode for this if find anything will share it
> >>>
> >>>
> >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>>>
> >>>> Hi Ehtesham,
> >>>> it was said before on this thread that user can simply turn of
> >>>> javascript whenever he wants,
> >>>> thats why i was looking for more server controlled solution. But thank
> >>>> You for pointing it out, You made me to add it to my blog post.
> >>>>
> >>>> Best greetings,
> >>>> Paweł Wielgus.
> >>>>
> >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
> >>>> >
> >>>> >
> >>>> >
> >>>> > Hi,
> >>>> >
> >>>> > I am not that much expert I I used the following javascript code
> before
> >>>> in each page and it workded fine.
> >>>> >
> >>>> >
> >>>> > <script language="JavaScript">
> >>>> > var x=window.history.length;
> >>>> > if (window.history[x]!=window.location)
> >>>> > {
> >>>> > window.history.forward();
> >>>> > }
> >>>> > </script>
> >>>> >
> >>>> > If it work for you I will be very happy.
> >>>> >
> >>>> > Thank you.
> >>>> >
> >>>> > -Ehtesham
> >>>> >
> >>>> >
> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>>> >
> >>>> > From: Paweł Wielgus <poulw...@gmail.com>
> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
> >>>> >
> >>>> > Hi Shekher,
> >>>> > it was very interesting subject, so i dig a little more.
> >>>> > Here [1] is what i found, with some tests.
> >>>> > Basicly it turns out that You should add headers in page and to
> >>>> response.
> >>>> >
> >>>> > [1] -
> >>>>
> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
> >>>> >
> >>>> > Best greetings,
> >>>> > Paweł Wielgus.
> >>>> >
> >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>>> >> Is it possible that either i should only put these header in the
> >>>> logout
> >>>> >> action
> >>>> >>
> >>>> >> where i am removing the session and den redirecting the user to
> index
> >>>> page
> >>>> >> something like this
> >>>> >>
> >>>> >> HttpServletResponse response=null;
> >>>> >> response=ServletActionContext.getResponse();
> >>>> >>
> >>>> >> response.setHeader("Pragma", "no-cache");
> >>>> >> response.setHeader("Cache-Control", "no-cache");
> >>>> >> response.setHeader("Expires", "0");
> >>>> >>
> >>>> >> or can we create a interceptor which can do this for all the
> request
> >>>> wheer
> >>>> >> we want this feature??
> >>>> >>
> >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
> >>>> >>
> >>>> >>> i tried using setting the eader values but they are not working as
> >>>> expected
> >>>> >>> i can even
> >>>> >>>
> >>>> >>> go and move back using broswer back button.
> >>>> >>>
> >>>> >>> if i will find anything helpfull will share with you
> >>>> >>> till then hard luck
> >>>> >>> :)
> >>>> >>>
> >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
> >>>> >>>
> >>>> >>> Hi Shekher,
> >>>> >>>> what i meant is that it can be done from server side.
> >>>> >>>> Check for example Your e-banking application, i did it on mine
> :-).
> >>>> >>>> There, when You press back button browser won't serve You cached
> >>>> page
> >>>> >>>> but ask server for fresh one - this is controlled with
> content-cache
> >>>> >>>> and pragma, but i can't be more helpfull to You here because i
> >>>> haven't
> >>>> >>>> done it before.
> >>>> >>>>
> >>>> >>>> Best greetings,
> >>>> >>>> Paweł Wielgus.
> >>>> >>>>
> >>>> >>>>
> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>>> >>>> > Hi Paweł,
> >>>> >>>> >
> >>>> >>>> > thats true it only send request to server if i will refresh
> the
> >>>> page
> >>>> >>>> and
> >>>> >>>> > for that i have already custom interceptor places which is
> >>>> checking the
> >>>> >>>> user
> >>>> >>>> > object in session in order to confirm that the request is from
> >>>> >>>> authorized
> >>>> >>>> > user
> >>>> >>>> >
> >>>> >>>> > but when i make use of back button it serve the page from the
> >>>> local
> >>>> >>>> > chache,so the problem is related to client side more than that
> of
> >>>> server
> >>>> >>>> > handling
> >>>> >>>> >
> >>>> >>>> > still trying to find a firm solution for it
> >>>> >>>> >
> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
> >>>> >>>> >
> >>>> >>>> >> Hi Shekher,
> >>>> >>>> >> first try this scenario:
> >>>> >>>> >> 1. logout user
> >>>> >>>> >> 2. back button - check for logs if action was fired
> >>>> >>>> >> 3. refresh page - check for logs if action was fired
> >>>> >>>> >> Most likely only the 3. will fire action because browser will
> >>>> serve
> >>>> >>>> >> cached version of that page.
> >>>> >>>> >> I was about to write that to deal with it You can use https
> >>>> scheme,
> >>>> >>>> >> but i just got it checked and it's not true. So maybe using
> >>>> pragma and
> >>>> >>>> >> or cache-control will do?
> >>>> >>>> >>
> >>>> >>>> >> Still user can disable javascript so solution with script
> might
> >>>> not
> >>>> >>>> work.
> >>>> >>>> >> If You find out anything more please let us know.
> >>>> >>>> >>
> >>>> >>>> >> Best greetings,
> >>>> >>>> >> Paweł Wielgus.
> >>>> >>>> >>
> >>>> >>>> >>
> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
> >>>> >>>> >> > You don't write if the browser back button is supposed to
> be
> >>>> >>>> functional
> >>>> >>>> >> in
> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
> >>>> >>>> >> >
> >>>> >>>> >> > If you want to disable the browser back button, use the code
> >>>> below in
> >>>> >>>> all
> >>>> >>>> >> > your pages:
> >>>> >>>> >> >
> >>>> >>>> >> > <script type="text/javascript">
> >>>> >>>> >> > history.forward();
> >>>> >>>> >> > </script>
> >>>> >>>> >> >
> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the
> >>>> browser
> >>>> >>>> back
> >>>> >>>> >> > button.
> >>>> >>>> >> >
> >>>> >>>> >> > Robert
> >>>> >>>> >> >
> >>>> >>>> >> >
> >>>> >>>> >> > shekher awasthi wrote:
> >>>> >>>> >> >>
> >>>> >>>> >> >> Hi All,
> >>>> >>>> >> >>
> >>>> >>>> >> >> in the process of developing application using struts
> 2.0.11,
> >>>> i came
> >>>> >>>> >> >> across
> >>>> >>>> >> >> the problem of handling browser back/forward button.
> >>>> >>>> >> >>
> >>>> >>>> >> >> This problem is occurring when we will logout the user.On
> >>>> Clicking
> >>>> >>>> the
> >>>> >>>> >> >> logout button we are currently removing the user from the
> >>>> session
> >>>> >>>> >> >>
> >>>> >>>> >> >> and it worked fine for us. After the successful logout
> process
> >>>> user
> >>>> >>>> will
> >>>> >>>> >> >> be
> >>>> >>>> >> >> redirected to the index page(which have the login field),
> >>>> >>>> >> >>
> >>>> >>>> >> >> but when user hits the browser back button he is getting
> >>>> himself
> >>>> >>>> there
> >>>> >>>> >> in
> >>>> >>>> >> >> the secure page even we have remove the user object from
> the
> >>>> session
> >>>> >>>> >> >>
> >>>> >>>> >> >> below is the code we are using for removing the user
> >>>> >>>> >> >>
> >>>> >>>> >> >> session.remove(BSConstant.USER);
> >>>> >>>> >> >>
> >>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are
> >>>> having
> >>>> >>>> two
> >>>> >>>> >> >> points
> >>>> >>>> >> >>
> >>>> >>>> >> >> 1) Either the user is not getting removed from the
> session,but
> >>>> the
> >>>> >>>> >> chances
> >>>> >>>> >> >> are very less as for all other call after logout it is
> forcing
> >>>> the
> >>>> >>>> user
> >>>> >>>> >> to
> >>>> >>>> >> >> login first.
> >>>> >>>> >> >>
> >>>> >>>> >> >> 2) Back button handling is not there
> >>>> >>>> >> >>
> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle
> browser
> >>>> >>>> >> back/forward
> >>>> >>>> >> >> button or do i need to use some other technique like
> >>>> >>>> >> >>
> >>>> >>>> >> >> setting response header
> >>>> >>>> >> >>
> >>>> >>>> >> >> any suggestion in this regard will be much appreciated.
> >>>> >>>> >> >>
> >>>> >>>> >> >> -s
> >>>> >>>> >> >>
> >>>> >>>> >> >>
> >>>> >>>> >> >
> >>>> >>>> >> >
> >>>> >>>> >> >
> >>>> ---------------------------------------------------------------------
> >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>>> >>>> >> > For additional commands, e-mail:
> user-h...@struts.apache.org
> >>>> >>>> >> >
> >>>> >>>> >> >
> >>>> >>>> >>
> >>>> >>>> >>
> >>>> ---------------------------------------------------------------------
> >>>> >>>> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>>> >>>> >> For additional commands, e-mail: user-h...@struts.apache.org
> >>>> >>>> >>
> >>>> >>>> >>
> >>>> >>>> >
> >>>> >>>>
> >>>> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
> >>>> >>>>
> >>>> >>>>
> >>>> >>>
> >>>> >>
> >>>> >
> >>>> >
> ---------------------------------------------------------------------
> >>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>>> > For additional commands, e-mail: user-h...@struts.apache.org
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>>> For additional commands, e-mail: user-h...@struts.apache.org
> >>>>
> >>>>
> >>>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
