I have Apache running HTTP and HTTPS (with SSL enabled and mod_rewrite is used to rewrite HTTP to HTTPS) at web tier and Resin 2.1.10 running behind. My goal is to secure the whole site. I am able to configure Apache/SSL so when the first page is hit, it gets redirected to https from there on. However, when I have Struts involved, it forms the URL with HTTP rather than HTTPS. Thus, a window will pop up in front of browser saying I am being redirected to a unsecure site, even though after I click on Yes to continue, it switches back to HTTPS. As a proof, the unsecured URL request formed from Struts goes to Apache's non-SSL log.
The Resin log shows the following right before the browser gets the prompt for unsecure connection warning: 1097268 DEBUG [tcpConnection-6802-6] action.RequestProcessor - processForwardConfig(ForwardConfig[name=null,path=/core/sitemap.jsp,redirect =true,ontextRelative=false]) And in struts config file, REDIRECT is set to TRUE. We'd like to keep REDIRECT=TRUE because, if not, when user click on the Back button, it seems to lose the session information. My question is: is there anyway to prevent it from temporarily switching to HTTP (thus it won't pop up the window) while still having REDIRECT=TRUE? Appreciated! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
