This week's giveaway is in the Spring forum.
We're giving away four copies of Learn Spring Security (video course) and have Eugen Paraschiv on-line!
See this thread for details.
Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to change to secure ?

 
somkiat puisungnoen
Ranch Hand
Posts: 1312
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to change to secure ?

i want to change
http://test.com/testapp
to
https://test.com/testapp

Reason to do this :
i want to change to secure in HTTP Protocol.



 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You need to create a digitial certificate, so that SSL will use the key inside the cert. to perform encryption for the exchange key during the session.

You also need to create a port that binds to HTTPS, instead of port 80. Usually HTTPS uses port 443, but you can configure it to any port that greater than 1024.

Nick
[ May 18, 2004: Message edited by: Nicholas Cheung ]
 
Jose Zaleta
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Besides your digital certificate and properly configured web server with an https port, you can use an struts extension called sslext.

Check: http://sslext.sourceforge.net/

You can define security configuration on a per page basis, just like this:
<%@ taglib uri="/WEB-INF/sslext.tld" prefix="sslext"%>
<sslext ageScheme secure="true"/>

And you configure which port to use in your struts-config.xml:
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="80" />
<set-property property="httpsPort" value="443" />
<set-property property="enable" value="true" />
</plug-in>

If an http request comes in and the page secure attribute is set to true, it will automatically be redirected to the https port.

Let me know if you need any futher assistance.
 
Jeremy Davis
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The sslext extension is easy to use and quite useful. It allows you to define forwards as secure, insecure, or either and preserves your session information across secure insecure requests.
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are there plans to incorporate the sslext plugin into the standard Struts distribution? To me, this sounds like something that should be part of the "core" Struts.
 
somkiat puisungnoen
Ranch Hand
Posts: 1312
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you for all answer , that work ..


 
GANESH LAKSHMANAN
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am facing problem with sslext with Tiles.
I am Struts 1.2.8 with Tiles,Velocity Menu & sslext-1.2 .
Problem is :
1. I'm linking from one page to another page with as the following URL with https:
<a href="https://localhost:8443/web/formAction.do"> SSL</a>
2. That is Action with ".do".
3. In struts-config.xml
<action path="/formAction" type="test.ssl.NullAction">

This is just forward to the required form (form.jsp). So, if we activate hit the URL as http://localhost:8080/web/formAction.do - (No https)
the form will show properly (No URL Change)

4.But in form.jsp, if we add the following lines:
<%@ taglib uri="/WEB-INF/StrutsConfig/sslext.tld" prefix="sslext" %>
<sslext ageScheme secure="false"/>
Because the page should come http (Not https)
5. Using https link if we click, Shows security alert for moving to secured page, then once shows alert message moving to non secured page.
But the URL is
http://localhost:8080/web/form.jsp;jsessionid=E9FAA9E74623B4C60FFEC265BC76CD56.
Instead of http://localhost:8080/web/formAction.do .

What is the problem how we can resolve this?. Becuse of this is , template based tiles is not working properly.
All Suggestions are welcomes and my advance thanks
you can reach me lenaganesh@yahoo.com
L.GANESH.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic