Hummm....I did not try that. I will play with that tongiht. But in regards to this, I found in my O'Reilly Struts Cookbook the example pp373 on how the sslext works. It is funny, because I was reading an article last night from here: <http://www.javaworld.com/javaworld/jw-05-2002/jw-0510-struts_p.html> and upon further investigation, the article was written by Steve Ditlinger, (back in 02) and evidently he made it available to all in this sslext.
After reading the article and code, and looking at how the mappings are extended and the requestprocessor was extended, it makes complete sense how it works. I am going to configure this tonight into my system and give it a try. Looks like a clean implementation. Scott -----Original Message----- From: Daniel Perry [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 06, 2005 11:08 AM To: Struts Users Mailing List Subject: RE: sslext > If I use the action mapping and forward to a full url specifying the > type [http, https], then I have to do a redirect, and then the jsp > page shows up in the url, and that is not good. So I hate that idea. Why does the jsp have to show up in the url? Why not redirect to a full struts url, eg, http://foo.com/bar/action1.do redirects to https://foo.com/bar/action2.do and action 2 forwards to a jsp. I had this same issue last week - log on page had to be ssl, but rest of site not. So, i just make the link to login.do a full link inc https and sessionid, and make the login success forward redirect to the non ssl full link. Worked a treat. The biggest problem i came accross was that the site runs on www.foo.com, but ssl is on foo.com, and tomcat doesnt seem to let you set a domain for session cookies (PLEASE TELL ME IF I AM WRONG!!!), so i had to bodge it: i added a servlet filter that checks for a session, and if it's new, sets an extra cookie for the base domain. > Then I found the sslext at sourceforge ... but cannot find any > information on how this works, how to configure, etc. And the mailing > lists look like a ghost town. Never used it so i cant comment. Daniel. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
