It may be an ugly hack, but it has worked for some of my actions. If you
return null instead of the action name to be invocated, you can use a
response object to send information directly to the user. The
HttpServletRequest object has method isSecure() which you can use to
determine whether the request is secure or not. If it's not use the
HttpServletResponse object to redirect the user to the secure location.

The other approach is to make a plain simple filter to do this, since you
probably won't need any of the Struts features for this kind of task.

But this shouldn't be used for anything but simple front page redirects. If
the user sends a non-SSL request then he has already sent all the
information unprotected across the internet, and just redirecting him to an
SSL-protected page doesn't really help in securing the application.

On 7/10/07, Session A Mwamufiya <[EMAIL PROTECTED]> wrote:

Hi All,

I've installed SSL on my JBoss container (it works) and have created an
interceptor that checks that the requests to my web app are secure (using
https).  I would like to redirect all non-secure requests to use ssl and
have https in the address.  How can this be done?  I'm not sure how to tweak
the request object or the action invocation to make this happen.

Thanks,
Session


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Reply via email to