Steve, Thank you for your response. I have taken a look at your https framework and I it looks great. I do have one concern though.
In looking through the code I noticed that if a non-secure request comes in to a action marked as secure, the framework will persist the request attributes in the session and tell the browser to re-direct using https. However this allows the parameters in the form or querystring to go across the network un-encrypted before the framework can perform the redirect. My thought was that the same SecureRequestUtils.computeURL() function should also be used by the form tag to determine, before the form is rendered, that the post should be transmitted via https. This would require subclassing the struts FormTag as well. Am I totally off base here? -Rob -----Original Message----- From: Ditlinger, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, February 01, 2002 7:30 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: Re: Implementing HTTPS in Struts Robert: We recently posted just such a solution. Check it out at http://struts.ditlinger.com. There you will find a description of our solution and a link to download our Struts extensions and example app. If you have any questions, please do not hesitate to ask. Steve >You wrote: --------------- Hello all, my name is Rob Scaduto and I have just recently joined the Struts user mailing list. I have yet to find any resources talking about how to handle switching between http and https (and vice versa) using struts. The only solution I was able to come up with was sub classing the Struts LinkTag and adding a secure attribute. This would then dynamically build an absolute path based on the jsp. This works great when you use the forward or page attribute, but doesn't work at all if you use the href attribute. I'd like to have a solution that works in all cases and I was curious if someone could add some insight. Thanks in advance, Rob -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
