I'm working on a webapp where some of the pages should be accessed through HTTPS and others through HTTP.
For example, login and registration need to be secure, but once the registration is done and we go to the user home page, we can go back to the nonsecure site.
All pages, secure and nonsecure, are being served by the same Tomcat instance.
I'm wondering about the best way to handle this in the struts config file. If you are allowed to put absolute URLS in a forward "path" attribute, that could be one solution, but it loses portability and that file has to be edited every time we want to deploy the app to another machine with another hostname.
The action contains multiple forwards, all of which will continue to be served by https since we started with an https url. But I want at least one of those forwards to return to the nonsecure site. (I also want to do the converse).
You will need to write a filter that will check to see if the page is using http or https. If the requested page is in a non-secure area, send a redirect to the user's browser with the corrected url. You can do the same going the other way from http to https.
The squeaky wheel gets the grease. Well, that or replaced...