I am trying to attempt to make a web-page where one goes to as a http
page, and in the page, one goes
to a form which does a https form submit (this works fine), the action
does the loggign-in, and forwards back
to the same page, but this time as a logged in user - going back to
the original page should be a http page with
no parameters showing in the URL address line (the second is not working).
NO PARAMETERS are shown in the URL line, however, the final page is a
https page.
from struts-config.xml
action-mappings type=org.apache.struts.config.SecureActionConfig
..
..
action path=/loginAction scope=session input=/index.jsp
type=my.actions..LoginAction name=loginMondoLoungeForm
validate=true parameter=method
set-property property=secure value=true /
forward name=main path=/index.jsp/
/action
..
/action-mappings
the method in the LoginAction :
public ActionForward login(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response) throws
IOException, ServletException
{
DynaValidatorForm dvf = (DynaValidatorForm) form;
logger.debug(DOINGLOGIN+(String)dvf.get(login));
BLAH BLAH BLAH...
return mapping.findForward(main);
}
From the JSP (index.jsp) :
sslext:form action=/loginAction onsubmit=return
validateLoginMondoLoungeForm(this);
tr
tdfont class=mondotextbean:message
key=mondolounge.login//font/td
tdhtml:text property=login maxlength=12 size=12//td
/tr
tr
tdfont class=mondotextbean:message
key=mondolounge.password//font/td
tdhtml:password property=password maxlength=12
size=12//td
/tr
tr
tdhtml:resetbean:message
key=mondolounge.reset//html:reset/td
tdhtml:submit property=method styleClass=button
bean:message key=mondolounge.login//html:submit/td
/tr
/sslext:formtrtd colspan=2
*** the above JSP clippet generates this HTML in the
index.jsp when going there the first time
div class=thinline
form name=searchMondoloungeForm method=post
action=/searchMondolounge.do;jsessionid=S_2YSyQv3EZNWEEE2ocP7_s:-1
table border=0
tr
td valign=topinput type=text name=keyword maxlength=12 size=12 value=nbsp;input
type=submit name=method value=Search class=button/td
..
which looks ok to me - i kind of wish that jsessionid was not in the parameter...
**
after the form is 'processed', and we are back in the index.jsp (as a
https page), looking at the form again by doing
a show source in the browser reveals that the form is :
form name=searchMondoloungeForm method=post
action=/searchMondolounge.do;jsessionid=DWI-x86vjgPVaplmixtkEWu:-1
table border=0
tr
td valign=topinput type=text name=keyword maxlength=12 size=12 value=nbsp;input
type=submit name=method value=Search class=button/td
Now note that there is no http or https in front of /searchMondolounge.do which would
indicate to me that it will use the
BASE URL, which in this case is actualy https. I get no warning from my browser if i
submit again, which means that the above
form can be re-submitted securely.
Regards, Aleksandar.
Ditlinger, Steve wrote:
If I understand your problem correctly...I think if you specify
redirect=true on your forward mapping for the posting action, you will be
sure to dump the request parameters by the time the subsequent page is
displayed.
Of course, you can always just allow the subsequent page to be displayed via
https also. Then switch protocols back to http for all links from that
page.
Steve
-Original Message-
From: Aleksandar Matijaca [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 5:35 PM
To: Struts Users Mailing List
Subject: Re: SSLEXT- https to http QueryString shows up?
Hi there,
I have experienced EXACTLY the same problem also - I wish I had a fix
for it... I will come back to
that problem sometime, for now, I am concentrating on other
parts of my
project. I did however manage
to do something else, and that is, from, HTTP page, to have a
https form
submit, and then when the action
forwards to the same JSP (the one that sent out the https
submit) for it
to be seen as a regular http page.
So it is done as:
http page -https submit-http page
In the jsp page that has the form, you do a:
sslext:pageScheme secure=false /
in the same jsp, you can have the form
sslext:form .
/sslext:form
then, when you do a forward to itself, everything is fine,..., and you
see your page as in http
Regards, a.m.
Mounagurusamy, Jayakumar (HAL) wrote:
SSLEXT really works great for me when I switch from http to
https. Well
when I am in https mode I submit a form as post methods, however the
subsequent page