I've already solved this. I just put redirect="true" in the forward config and it's ok.
Thank you all. -----Original Message----- From: Joao Batistella [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 17 de março de 2004 18:51 To: 'Struts Users Mailing List' Subject: RE: SSLEXT It works! Thank you all!! Do you know how to hide the data were sent in the request? Now that I'm switching the protocol all the parameters that have been posted appears in the browser address like this: http://myhost:8080/myapp/initial.do;jsessionid=0AF3B29811F69DEE15CB0672EC248 5DA?password=test&login=test So, the user can see his user/password in the address. This could be a problem... Thanks again. -----Original Message----- From: Robert Taylor [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 17 de março de 2004 17:28 To: Struts Users Mailing List Subject: RE: SSLEXT Did you correct the typo in your original action mapping? You had: parameter="tiles.inicial" Instead of: parameter="tiles.initial" Also, as David already pointed out, make sure you are using SecureTilesPlugin, and SecureTilesRequestProcessor. When you say it doesn't work, do you get any error messages? robert > -----Original Message----- > From: Joao Batistella [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 17, 2004 12:10 PM > To: 'Struts Users Mailing List' > Subject: RE: SSLEXT > > > I've already tried. But this doesn't work... I don't understand why... > It seems that I'll have to create a page just to change the protocol. What > do you think? > > -----Original Message----- > From: Robert Taylor [mailto:[EMAIL PROTECTED] > Sent: quarta-feira, 17 de março de 2004 17:09 > To: Struts Users Mailing List > Subject: RE: SSLEXT > > > Hmmm. Okay, then try using your original action mapping def: > > <action path="/initial" > type="org.apache.struts.actions.ForwardAction" > parameter="tiles.initial"> > <set-property property="secure" value="false"/> > </action> > > robert > > > -----Original Message----- > > From: Joao Batistella [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 17, 2004 11:51 AM > > To: 'Struts Users Mailing List' > > Subject: RE: SSLEXT > > > > > > Thanks again. > > > > But now I have this error message: > > java.lang.IllegalArgumentException: Path tiles.initial does not start with > a > > "/" character > > > > This is because the following action: > > <action path="/initial" forward="tiles.initial"> > > <set-property property="secure" value="false"/> > > </action> > > > > Any idea? > > > > Thanks! > > > > -----Original Message----- > > From: Robert Taylor [mailto:[EMAIL PROTECTED] > > Sent: quarta-feira, 17 de março de 2004 16:35 > > To: Struts Users Mailing List > > Subject: RE: SSLEXT > > > > > > The following should work without changing any code in your LoginAction: > > > > <action path="/login" > > type="mypackage.LoginAction" > > name="formLogin" > > scope="request" > > input="/login.jsp"> > > <set-property property="secure" value="true"/> > > </action> > > > > My forward: > > <global-forwards> > > <forward name="initial" path="/prefix/initial"/> > > </global-forwards> > > > > My LoginAction after a sucessful login: > > return mapping.findForward("initial"); > > > > Now I have this action to forward to the tiles definition: > > <action path="/initial" forward="tiles.initial"> > > <set-property property="secure" value="false"/> > > </action> > > > > Note that "prefix" is what ever prefix you are using to invoke the > > Struts ActionServlet. > > > > robert > > > > > -----Original Message----- > > > From: Joao Batistella [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, March 17, 2004 11:19 AM > > > To: 'Struts Users Mailing List' > > > Subject: RE: SSLEXT > > > > > > > > > Thanks for your help. > > > Let me just check. > > > You mean, in LoginAction intead of forwarding to my tiles definition, > > > forward to another action? Or call another action? > > > > > > My struts-config.xml is this: > > > > > > Login action: > > > <action path="/login" > > > type="mypackage.LoginAction" > > > name="formLogin" > > > scope="request" > > > input="/login.jsp"> > > > <set-property property="secure" value="true"/> > > > </action> > > > > > > My forward: > > > <global-forwards> > > > <forward name="initial" path="tiles.initial"/> > > > </global-forwards> > > > > > > My LoginAction after a sucessful login: > > > return mapping.findForward("initial"); > > > > > > Now I have this action to forward to the tiles definition: > > > <action path="/initial" > > > type="org.apache.struts.actions.ForwardAction" > > > parameter="tiles.inicial"> > > > <set-property property="secure" value="false"/> > > > </action> > > > > > > What should I put in LoginAction in order to go to a non secure main > page? > > > Can I call another action? > > > > > > -----Original Message----- > > > From: Robert Taylor [mailto:[EMAIL PROTECTED] > > > Sent: quarta-feira, 17 de março de 2004 15:52 > > > To: Struts Users Mailing List > > > Subject: RE: SSLEXT > > > > > > > > > Yes. Instead of forwarding directly to the Tile, define an action which > > > simply forwards (or redirects) to that main page (tile) and > > > in that action mapping configuration define it to be secure using the > > > set-property element. > > > > > > robert > > > > > > > -----Original Message----- > > > > From: Joao Batistella [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, March 17, 2004 10:39 AM > > > > To: 'Struts Users Mailing List' > > > > Subject: RE: SSLEXT > > > > > > > > > > > > Ok, but the main page is still in HTTPS. > > > > > > > > Let me try to explain the flow: > > > > > > > > 1. User enter with username and password > > > > 2. User submit the form to an HTTPS address > > > > 3. A LoginAction try to authenticate the user with the data > transmitted > > > > (username and password) with HTTPS protocol > > > > 4. LoginAction forward the user to the main page. <-- Here I want the > > user > > > > being forward to an HTTP address. There is no action defined after > > > > LoginAtion. LoginAction must be secure so the username and password > are > > > > trasmitted in a secure way. But after that, no more HTTPS is > necessary. > > > > > > > > Is there way in step 4 to forward the user to a non secure page? > > > > > > > > Thanks, > > > > JP > > > > > > > > -----Original Message----- > > > > From: Robert Taylor [mailto:[EMAIL PROTECTED] > > > > Sent: quarta-feira, 17 de março de 2004 15:29 > > > > To: Struts Users Mailing List > > > > Subject: RE: SSLEXT > > > > > > > > > > > > Okay. Then you should be able to place the following in your > > struts-config > > > > action mapping for the main page. > > > > > > > > <set-property property="secure" > > > > value="false"/> > > > > > > > > robert > > > > > > > > > -----Original Message----- > > > > > From: Joao Batistella [mailto:[EMAIL PROTECTED] > > > > > Sent: Wednesday, March 17, 2004 10:17 AM > > > > > To: 'Struts Users Mailing List' > > > > > Subject: RE: SSLEXT > > > > > > > > > > > > > > > I can't. Because my main page is not a page at all. It's a Tiles > > > > definition. > > > > > > > > > > Where can I find the documentation about SSLEXT? I mean the > > description > > > of > > > > > the tags? > > > > > > > > > > Thanks, > > > > > JP > > > > > > > > > > -----Original Message----- > > > > > From: Robert Taylor [mailto:[EMAIL PROTECTED] > > > > > Sent: quarta-feira, 17 de março de 2004 15:09 > > > > > To: Struts Users Mailing List > > > > > Subject: RE: SSLEXT > > > > > > > > > > > > > > > Use the <sslext:pageScheme secure="false"/> on the main page. > > > > > This should switch it back to HTTP. > > > > > > > > > > robert > > > > > > > > > > > -----Original Message----- > > > > > > From: Joao Batistella [mailto:[EMAIL PROTECTED] > > > > > > Sent: Wednesday, March 17, 2004 9:58 AM > > > > > > To: 'Struts Users Mailing List' > > > > > > Subject: SSLEXT > > > > > > > > > > > > > > > > > > Hello. > > > > > > > > > > > > I'm now using the SSLEXT for struts (following some advices frm > the > > > > list). > > > > > > > > > > > > Now I have my login action protected by HTTPS, but I want the > user, > > > > after > > > > > > login, being forward to the main page of the application using > HTTP > > > > > > protocol. Is this possible? Or I can only change the protocol in > > > > > diferrente > > > > > > requests? > > > > > > > > > > > > Thanks, > > > > > > JP > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
