This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Struts and the fly likes How to change to secure ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "How to change to secure ?" Watch "How to change to secure ?" New topic
Author

How to change to secure ?

somkiat puisungnoen
Ranch Hand

Joined: Jul 04, 2003
Posts: 1312
How to change to secure ?

i want to change
http://test.com/testapp
to
https://test.com/testapp

Reason to do this :
i want to change to secure in HTTP Protocol.





SCJA,SCJP,SCWCD,SCBCD,SCEA I
Java Developer, Thailand
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
You need to create a digitial certificate, so that SSL will use the key inside the cert. to perform encryption for the exchange key during the session.

You also need to create a port that binds to HTTPS, instead of port 80. Usually HTTPS uses port 443, but you can configure it to any port that greater than 1024.

Nick
[ May 18, 2004: Message edited by: Nicholas Cheung ]

SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Jose Zaleta
Greenhorn

Joined: Mar 04, 2004
Posts: 15
Besides your digital certificate and properly configured web server with an https port, you can use an struts extension called sslext.

Check: http://sslext.sourceforge.net/

You can define security configuration on a per page basis, just like this:
<%@ taglib uri="/WEB-INF/sslext.tld" prefix="sslext"%>
<sslext ageScheme secure="true"/>

And you configure which port to use in your struts-config.xml:
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="80" />
<set-property property="httpsPort" value="443" />
<set-property property="enable" value="true" />
</plug-in>

If an http request comes in and the page secure attribute is set to true, it will automatically be redirected to the https port.

Let me know if you need any futher assistance.


SCJP, SCWCD, SCEA
Jeremy Davis
Greenhorn

Joined: Feb 07, 2003
Posts: 17
The sslext extension is easy to use and quite useful. It allows you to define forwards as secure, insecure, or either and preserves your session information across secure insecure requests.
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
Are there plans to incorporate the sslext plugin into the standard Struts distribution? To me, this sounds like something that should be part of the "core" Struts.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
somkiat puisungnoen
Ranch Hand

Joined: Jul 04, 2003
Posts: 1312
thank you for all answer , that work ..


GANESH LAKSHMANAN
Greenhorn

Joined: Apr 19, 2006
Posts: 2
Hi,
I am facing problem with sslext with Tiles.
I am Struts 1.2.8 with Tiles,Velocity Menu & sslext-1.2 .
Problem is :
1. I'm linking from one page to another page with as the following URL with https:
<a href="https://localhost:8443/web/formAction.do"> SSL</a>
2. That is Action with ".do".
3. In struts-config.xml
<action path="/formAction" type="test.ssl.NullAction">

This is just forward to the required form (form.jsp). So, if we activate hit the URL as http://localhost:8080/web/formAction.do - (No https)
the form will show properly (No URL Change)

4.But in form.jsp, if we add the following lines:
<%@ taglib uri="/WEB-INF/StrutsConfig/sslext.tld" prefix="sslext" %>
<sslext ageScheme secure="false"/>
Because the page should come http (Not https)
5. Using https link if we click, Shows security alert for moving to secured page, then once shows alert message moving to non secured page.
But the URL is
http://localhost:8080/web/form.jsp;jsessionid=E9FAA9E74623B4C60FFEC265BC76CD56.
Instead of http://localhost:8080/web/formAction.do .

What is the problem how we can resolve this?. Becuse of this is , template based tiles is not working properly.
All Suggestions are welcomes and my advance thanks
you can reach me lenaganesh@yahoo.com
L.GANESH.
 
 
subject: How to change to secure ?
 
Similar Threads
Web Application Root
javax.net.ssl.SSLException: error while writing to socket
how to deploy a web application on root of tomcat ?
Cross window scripting.
Request Parameters