Re: Switching from HTTPS to HTTP

[Adam Hardy]

sslext works brilliantly with struts and container-managed security. 
Definitely what you want. You put attributes in your action mappings to 
tell it whether you want the action mapping under SSL or not. It handles 
the redirection to / from SSL.

Adam

On 03/12/2004 03:39 PM Mark Lowe wrote:
You could use a filter which without knowing anything about it i imagine 
what sslext does.

Better than hardcoding redirects. jstl may have something to force the 
scheme also. IMO doing it with mod_rewrite is easier because you any 
have to worry about your live deployment, but if you're using catalina 
as your webserver then I guess that you're going to have to configure that.



On 12 Mar 2004, at 14:36, Joao Batistella wrote:

But, I would like to find a way in Java, not in the web server 
because, for
now, I'm using Tomcat web server.
Can I just use a send redirect to a HTTP address??

Ex:
sendRedirect("http://myserver/myapp/main.jsp";);
-----Original Message-----
From: Mark Lowe [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 12 de março de 2004 13:30
To: Struts Users Mailing List
Subject: Re: Switching from HTTPS to HTTP
There's some java thingy you can use to do this, sslext or something..

If you are using apache for your webserver you can use mod_rewrite
which means less hassle configuring development envionments and such
like.
Here's an example.

NameVirtualHost machinedomain.net:80

<VirtualHost  www.sparrow.com:80>
         DocumentRoot /www/www.sparrow.com
         SSLEngine off
         RewriteEngine on
         RewriteCond %{SERVER_PORT} ^80$
         RewriteRule ^\/checkout
https://%{SERVER_NAME}%{REQUEST_FILENAME} [R,L]
         RewriteRule ^\/admin https://%{SERVER_NAME}%{REQUEST_FILENAME}
[R,L]
</VirtualHost>

Listen *:443
NameVirtualHost [i used the ip here]:443
<VirtualHost www.sparrow.com:443>
         DocumentRoot /www/www.sparrow.com
         SSLEngine on
         RewriteEngine on
         RewriteCond %{SERVER_PORT} ^443$
         RewriteRule !^(\/checkout)|(\/admin)
http://%{SERVER_NAME}%{REQUEST_FILE
NAME} [R,L]
         SSLCertificateFile /[apache home]/conf/ssl.crt/server.crt
         SSLCertificateKeyFile /[apache home]/conf/ssl.key/server.key
         SSLCACertificateFile /[apache home]/conf/ssl.crt/intermediate.ca
</VirtualHost>
and requests containing /admin or /checkout will have https scheme
forced those that are not wont.
On 12 Mar 2004, at 13:59, Joao Batistella wrote:

Hello!

In my application the login page uses HTTPS to send username and
password to
the server. But after that, if login operation succeed, I want to send
the
user to the main application page using HTTP protocol, not HTTPS. How
can I
switch?


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]