Hi
This is how we set up our controller to switch http/https. I was never happy
with it but it works for us.
I'm posting it in the hope someone will point out a better way!
Basically we decided on boundary conditions as requesting login and
requesting logoff (controller always checks user and sets nextURL to
login.jsp). If a boundary is crossed, rewrite URL with correct protocol.
private void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String nextUrl = null;
    try {
        // ... (omitted) set up and create an action that returns the next URL
        nextUrl = requestAction.perform(this, request, response);
    } catch (Exception e) {
        mm.getErrorBean(request).setException(e);
        nextUrl = WebPages.ERROR_URL;
    }
    if (nextUrl != null) {
        String swtch = SwitchHttp(nextUrl, action);
        if (!swtch.equals("")) {
            // Boundary crossed: redirect to the next URL under the other protocol
            response.sendRedirect(reWriteURL(swtch, nextUrl, request));
        } else {
            getServletConfig().getServletContext().getRequestDispatcher(nextUrl)
                    .forward(request, response);
        }
    } // end if (nextUrl != null)
} // end method processRequest

// ******** Begin Of method SwitchHttp
// Returns the protocol prefix to switch to, or "" if no boundary was crossed
private String SwitchHttp(String Url, String action) {
    String swtch = "";
    // param to set https off for development environments
    String dev = getServletContext().getInitParameter("development");
    if (dev == null) { dev = ""; }
    if (!dev.equals("true")) {
        // equals() compares by value; == only compared object references
        if (WebPages.HB_LOGIN_URL.equals(Url)) { swtch = "https://"; }
        if (RequestActionKeys.HB_LOGOFF.equals(action)) { swtch = "http://"; }
        if (WebPages.LOGIN_URL.equals(Url)) { swtch = "https://"; }
        if (RequestActionKeys.LOGOFF_REQ.equals(action)) { swtch = "http://"; }
    }
    return swtch;
} // End Of method SwitchHttp

// ******** Begin Of method reWriteURL
private String reWriteURL(String swtch, String url, HttpServletRequest request) {
    int portNo = request.getServerPort();
    // Keep the current request's port unless it is a default one (80 or 443)
    String port = ":" + portNo;
    if ((portNo == 80) || (portNo == 443)) { port = ""; }
    // Host name and context path are taken from the current request
    return swtch + request.getServerName() + port + request.getContextPath() + url;
} // End Of method reWriteURL
}
:-)
Regards
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Advanced Banking Solutions Limited
+44 (0)20 7448 9146
-----Original Message-----
From: Rob Breeds [SMTP:[EMAIL PROTECTED]]
Sent: 27 November 2001 18:34
To: Struts Users Mailing List
Subject: Two security roles, one ActionServlet?
Hi
I've seen various threads saying that there is no advantage to having
multiple Struts servlets as they are multithreaded.
However, if I want to define two security roles for my application, in
which some actions are secure (via https) and some are insecure (via http),
is there a way to specify security for the servlet such that actions
belonging to Role A will be secure and actions belonging to Role B won't
be? Is it possible to differentiate between roles using URL patterns, e.g.
anything beginning with /sendInfo/* is secure and /getInfo/* is insecure?
I know nothing about servlet security so any help is appreciated!
Thanks
Rob Breeds
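
An added example, not part of the original post or of Struts: one way to build the redirect target for the http/https switch described in the reply above, taking the host from an allowlist (getServerName() normally reflects the client-supplied Host header) and the port from the target scheme rather than from the request being redirected. It goes slightly beyond the posted reWriteURL by also checking that the path is application-relative. The class name, host name and port numbers are assumptions constructed for illustration.

```java
import java.util.Locale;
import java.util.Set;

// Added example, not the poster's code. Host name and ports are constructed
// values standing in for deployment configuration.
public class SchemeSwitchUrl {
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.test");
    private static final int HTTP_PORT = 8080;
    private static final int HTTPS_PORT = 8443;

    // serverName is what request.getServerName() returned; path is the
    // application-relative nextUrl, e.g. "/login.jsp".
    static String build(String scheme, String serverName, String contextPath, String path) {
        boolean https = scheme.equals("https");
        if (!https && !scheme.equals("http")) {
            throw new IllegalArgumentException("unsupported scheme: " + scheme);
        }
        // getServerName() normally reflects the client-supplied Host header,
        // so only names the deployment knows about go into a redirect.
        String host = serverName == null ? "" : serverName.toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("unexpected host: " + serverName);
        }
        // Reject targets that are not a single local path or that carry CR/LF.
        if (!path.startsWith("/") || path.startsWith("//")
                || path.indexOf('\r') >= 0 || path.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("unexpected path: " + path);
        }
        // The port follows the target scheme, not the request being redirected.
        int port = https ? HTTPS_PORT : HTTP_PORT;
        boolean isDefault = port == (https ? 443 : 80);
        return scheme + "://" + host + (isDefault ? "" : ":" + port) + contextPath + path;
    }

    public static void main(String[] args) {
        // Constructed inputs: a request that arrived over http on port 8080.
        System.out.println(build("https", "www.example.test", "/bank", "/login.jsp"));
        System.out.println(build("http", "WWW.EXAMPLE.TEST", "/bank", "/index.jsp"));
        try {
            build("https", "other.example.test", "/bank", "/login.jsp");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```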