I have been struggling with getting SSL to work with some pages in my application. I am using Struts on Tomcat 4.1. What I am looking to do is to have certain pages redirect to https, but the rest of the pages use http. I don't want to use redirects as this will show the jsp instead of the action call. I saw on the struts faq on apache a reference to sslext on sourceforge. Has anyone used this? Does anyone recommend it? Anyone have other solutions? Thanks for any help Brad
posted 13 years ago
which version of struts are you using? this has been discussed at length on the dev list and i thought somebody came up with a solution? thinking about it, i seem to remember that the conclusion from many people was that an SSL site should be treated as a seperate entity for security's sake and therefore you should maybe deploy a seperate sll struts application if you want to hide the jsp pages being deployed. btw, i certainly remember the guys saying that best practices should only be followed as far as they help you. if you are avoiding jsps for maintaining pure model 2 then i wouldnt worry too much about that, especially since (off the top of my head) it allows you to get around your problem, avoid treating two seperate entities into one.
chanoch<p><a href="http://www.amazon.com/exec/obidos/ASIN/1861007736/" target="_blank" rel="nofollow">Author of Professional Apache Tomcat</a></p>