Re: Switching from HTTPS to HTTP
Yup, it's quite brilliant - I think it should be incorporated into Struts.
Marino
Adam Hardy [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
sslext works brilliantly with struts and container-managed security.
Definitely what you want. You put attributes in your action mappings to
tell it whether you want the action mapping under SSL or not. It handles
the redirection to / from SSL.
Adam
On 03/12/2004 03:39 PM Mark Lowe wrote:
You could use a filter which without knowing anything about it i imagine
what sslext does.
Better than hardcoding redirects. jstl may have something to force the
scheme also. IMO doing it with mod_rewrite is easier because you any
have to worry about your live deployment, but if you're using catalina
as your webserver then I guess that you're going to have to configure
that.
On 12 Mar 2004, at 14:36, Joao Batistella wrote:
But, I would like to find a way in Java, not in the web server
because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??
Ex:
sendRedirect(http://myserver/myapp/main.jsp;);
-Original Message-
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache
home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Switching from HTTPS to HTTP
Hello! In my application the login page uses HTTPS to send username and password to the server. But after that, if login operation succeed, I want to send the user to the main application page using HTTP protocol, not HTTPS. How can I switch? Thanks in advance, JP
Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
Thanks in advance,
JP
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Switching from HTTPS to HTTP
But, I would like to find a way in Java, not in the web server because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??
Ex:
sendRedirect(http://myserver/myapp/main.jsp;);
-Original Message-
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
Thanks in advance,
JP
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Switching from HTTPS to HTTP
Haven't used it but there is a Struts extension for this
http://sslext.sourceforge.net
Niall
- Original Message -
From: Joao Batistella [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
Sent: Friday, March 12, 2004 1:36 PM
Subject: RE: Switching from HTTPS to HTTP
But, I would like to find a way in Java, not in the web server because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??
Ex:
sendRedirect(http://myserver/myapp/main.jsp;);
-Original Message-
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
Thanks in advance,
JP
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Switching from HTTPS to HTTP
You could use a filter which without knowing anything about it i
imagine what sslext does.
Better than hardcoding redirects. jstl may have something to force the
scheme also. IMO doing it with mod_rewrite is easier because you any
have to worry about your live deployment, but if you're using catalina
as your webserver then I guess that you're going to have to configure
that.
On 12 Mar 2004, at 14:36, Joao Batistella wrote:
But, I would like to find a way in Java, not in the web server
because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??
Ex:
sendRedirect(http://myserver/myapp/main.jsp;);
-Original Message-
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache
home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
Thanks in advance,
JP
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Switching from HTTPS to HTTP
sslext works brilliantly with struts and container-managed security.
Definitely what you want. You put attributes in your action mappings to
tell it whether you want the action mapping under SSL or not. It handles
the redirection to / from SSL.
Adam
On 03/12/2004 03:39 PM Mark Lowe wrote:
You could use a filter which without knowing anything about it i imagine
what sslext does.
Better than hardcoding redirects. jstl may have something to force the
scheme also. IMO doing it with mod_rewrite is easier because you any
have to worry about your live deployment, but if you're using catalina
as your webserver then I guess that you're going to have to configure that.
On 12 Mar 2004, at 14:36, Joao Batistella wrote:
But, I would like to find a way in Java, not in the web server
because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??
Ex:
sendRedirect(http://myserver/myapp/main.jsp;);
-Original Message-
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..
If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.
NameVirtualHost machinedomain.net:80
VirtualHost www.sparrow.com:80
DocumentRoot /www/www.sparrow.com
SSLEngine off
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
/VirtualHost
Listen *:443
NameVirtualHost [i used the ip here]:443
VirtualHost www.sparrow.com:443
DocumentRoot /www/www.sparrow.com
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca
/VirtualHost
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:
Hello!
In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[sslExt] Switching from HTTPS to HTTP and avoiding the You are about to be redirected to a connection.
I'm using Struts1.1rc1 and sslExtRC1-2. BTW, thanks to Steve for this package. There is one caveat however... If you submit a request to the server via HTTPS and that request is redirected to HTTP before returning to the client (server side code does a Response.sendRedirect() switching the protocol from HTTPS to HTTP), then IE and NS7.x display a pop-up security alert. I have found a work around to be to redirect to a page with embedded logic to determine where to send the user and then use the meta HTTP-EQUIV=refresh content=0; url=%=destination% to redirect the user to the appropriate destination. I don't currently see how the sslExt addresses this issue. If it does, can someone please let me know how. robert -Original Message- From: Robert Taylor [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 2:17 PM To: [EMAIL PROTECTED] Subject: [sslEXt] You are about to be redirected to a connection which is not secure I am using Struts1.1rc1 with the sslExtRC1-2. My current requirements don't allow me to have all requests go through the Struts Action servlet. (please don't lecture me on the benefits of all requests going through the controller...you're preachin' to the chior) I have a situation where I need to provide a login form through out my site on pages that are directly accessed via HTTP, although the action attribute for the login form element on those pages is HTTPS (providing secure data transport). Validation error or not, the user is always returned to the page from which they signed in. For MSIE and Netscape 7.02 this causes a security alert to pop-up. MSIE: You are about to be redirected to a connection which is not secure. The information you are sending to the current site might be retransmitted to a nonsecure site. Do you wish to continue? Netscape 7.02: You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party. I have found a work around to be to redirect to a page with embedded logic to determine where to send the user and then use the meta HTTP-EQUIV=refresh content=0; url=%=destination% to redirect the user to the appropriate destination. This seems like such a hack and I was wondering if there is a cleaner solution. robert BTW, I have searched the mailing list archives and Google and have yet to find a cleaner (any) solution. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
