Hallo Leon! Bei der Sache mit den Regeln stimme ich mit dir überein! Das Problem ist nur, wie man dafür sorgt, dass sich alle an die Regeln halten? :-) Wir betreuen auch Anwendungen die über unser Test und Integration System laufen aber dann auf ein anderes Produktiv System gehen, welches nicht über HTTPS angesprochen werden muss. Wir prüfen grad die Möglichkeit den Apache für die "HTTPS-Produktiv Applikationen" den HTTP Aufruf zu unterbinden indem wir eine Fehlerseite anzeigen als "leichte Erzieherische Maßnahme" ausgeben lassen :-)
Ich hab mich in der Zwischenzeit mal ein bisschen über den Unterschied zwischen redirects und forwards schlau gemacht. Und denke, das ein Action Forward für unser Entwicklungsumfeld sogar die bessere Alternative darstellen, weil diese performanter und für den User Transparenter gehandelt werden. Außerdem bieten sie für den Entwickler den Vorteil, das die Request Parameter und er Kontext vollständig erhalten bleiben. Ich habe mittlerweile noch eine neue Möglichkeit gefunden die vielleicht das Problem lösen könnte. Und zwas über einen redirect"-filter mittels des HttpServletResponseWrapper der in die web.xml eingebuden wird. Dieser könnte die System Properties des jeweiligen System auslesen und anhand derer entscheiden ob der Response per HTTPS oder HTTP gesendet wird. Ich lese mich dazu grad ein wenig ein! Wenn du magst halte ich dich auf dem Laufenden. Gruß, André -----Original Message----- From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Sent: Dienstag, 6. September 2005 11:19 To: Struts Users Mailing List Subject: RE: Struts in loadbalanced enviroment On Tue, 2005-09-06 at 10:48 +0200, Fritsch, Andre wrote: > Hello Leon! > > Thanks for your answer! That was our first idea, too. We now changed the > redirects to forwards, but we are not sure if we will run into troubles with > some struts extensions which might use redirects. Furthermore you know, > developers love their programming liberty ;-) > I found the http://sslext.sourceforge.net/ as a possible solution. Do you > know this extension and have you already experienced with it? > hi, we've looked into it, and other verticals of our company are actually using it (scout24) but we don't for following reason: the loadbalancer is quite better in driving ssl then tomcat and the cpu is our most limited resource so we don't want to bring more tasks to the cpu. On the other hand we don't want to drive https on test system with sslext and http on live system, because it's just not the same, and you want to have your testsystem 100% compatible to the livesystem, or you will not be able to test on the testsystem :-) So we decided to buy an older version of the loadbalancer (f5) for the testsystem, so the application itself is always http and only the loadbalancer does the https part. In case you need https to be driven by the webserver I'd suggest you use an apache (or squid) in front of the tomcat and let them do the job. Ad liberty: liberty is a good thing, but you are probably working in teams and teams need rules: -) lg Leon P.S. We can discuss this topic off-list, since we are both from germany more extensively if you like. > Kind regard, > > André > > > -----Original Message----- > From: Leon Rosenberg [mailto:[EMAIL PROTECTED] > Sent: Dienstag, 6. September 2005 09:54 > To: user@struts.apache.org > Subject: Re: Struts in loadbalanced enviroment > > > Sounds very similar to what we do, even the number of systems (develop, > integration, test, live), besides we are loadbalancing the test system > too, because there are a lot of possible bugs which only occur in > loadbalanced environment (cookie rewriting, ssl, and so on). > > However, we never use struts redirects, only forwards. All redirects we > need, we write by ourself, mostly via javascript, some via header. I > don't know what exactly you are gaining by using struts-redirect instead > of forward, so i don't know what you will loose with our solution, but > it works :-) > > regards > Leon > > P.S. Btw, ever tried to redirect to relative url? This should be > protocol neutral. > > On Tue, 2005-09-06 at 08:54 +0200, Fritsch, Andre wrote: > > Hello to everyone in the struts user-group! > > > > In our productive environment we have a problem concerning struts redirects > > behind our load balanced servers. Queries to the running struts > > applications are sent by https protocol towards the load balancer which > > receives the query, terminates ssl and forwards plain http to a Jboss > > application server in which the struts application is running. Our problem > > is that struts receives the query in http and uses this protocol for the > > redirect but we would need https to recontact the load balancer correctly > > with ssl. We have a 4 step development process from the developer pc to our > > test system and then via our integration system to the productive > > environment. The developer pc, our test system and our integration system > > does not use ssl and the test and integration system is not load balanced. > > To support high availability our productive system is load balanced to 4 > > servers and uses ssl connection. We know that it is possible to solve it > > hard coded either by defining absolute links or define a forward in the > > struts config xml. But our release workflow through the 4 steps is mostly > > automated so that this would cause extensive administrative input for every > > application that passes a development phase. Therefore we are looking for a > > possibility to specify a global parameter so that struts redirects are sent > > by pre defined protocol. Http: on the developer pc, the test and > > integration system. Https: on our productive system. Is it possible to > > specify such a parameter or is there another possibility to override the > > protocol not restricting the use of relative links? > > > > > > Kind Regards, > > > > André Fritsch > > > > ____________________________________________________ > > SIEMENS Siemens Business Services GmbH & Co OHG > > Human Resources > > Management > > Heinz-Nixdorf-Ring 1 > > D-33106 Paderborn > > > > André Fritsch Telefon +49 5251 8 2 55 96 > > HR - Services Fax +49 5251 8 2 52 09 > > SBS D SOL HRM 5 <mailto:[EMAIL PROTECTED]> mailto:[EMAIL > > PROTECTED] > > PDB > > ____________________________________________________ > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
