Joe,
This is SSLExt in Struts, right? So why can't you do this:
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="80"/>
<set-property property="httpsPort" value="443"/>
<set-property property="enable" value="false"/>
<set-property property="addSession" value="true"/>
</plug-in>
Or something like that? I took that line from the SSLExt V1.2.0 CVS example
web/WEB-INF/struts-config.xml file and simply updated the httpPort,
httpsPort and enable properties to suggest what you're asking about. Their
plugin also seems to exist for their version 1.1 SSLExt webapp example. To
see this in CVS, click on the URL:
http://cvs.sourceforge.net/viewcvs.py/sslext/sslext120/web/WEB-INF/struts-co
nfig.xml?rev=1.2&view=auto
If that doesn't work, you could probably copy their
org.apache.struts.action.SecurePlugInInterface, change the line:
static final String DEFAULT_ENABLE = "true";
TO:
static final String DEFAULT_ENABLE = "false";
and copy your compiled class to:
/WEB-INF/classes/org/apache/struts/action/SecurePlugInInterface.class
so it overrides the "true","any","false" setting as you desire.
Unless, of course, I'm pointing you to the wrong default variable's name. :)
I hope these two simple ideas for a solution help. Please let me know.
Regards,
David
-----Original Message-----
From: Joe Hertz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 5:34 PM
To: 'Struts Users Mailing List'
Subject: [slight OT] SSLExt default behavior
Anyone aware of if there is a way to specify the default behavior for the
secure set-property for Actions when using SSLExt?
I'm taking an existing struts app and adding https pages to it with SSLExt.
Simple enough.
But it seems as if an action, should "secure" be unspecified, will default
to the same behavior as if it was set to "any", i.e. the action will work
over http or https.
So what happens is once the user goes to an https required page
(secure=true), all of the other actions he hits are quite happy to keep him
in https. The application wont break/care, but this would mean the hosting
costs go up unnecessarily (https counts more against the bandwidth
limitation).
So does anyone know if there a way to get SSLExt to treat an unspecified
secure set-property as == "false", rather than "any"? I can fix this the
hard way, but I'd like to believe I shouldn't have to...
TIA
-Joe
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
