• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
  • Bear Bibeault
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • salvin francis
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Frits Walraven
  • Jj Roberts
  • Carey Brown
  • Scott Selikoff

Switching between http and https in struts-config

Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm working on a webapp where some of the pages should be accessed through HTTPS and others through HTTP.

For example, login and registration need to be secure, but once the registration is done and we go to the user home page, we can go back to the nonsecure site.

All pages, secure and nonsecure, are being served by the same Tomcat instance.

I'm wondering about the best way to handle this in the struts config file. If you are allowed to put absolute URLS in a forward "path" attribute, that could be one solution, but it loses portability and that file has to be edited every time we want to deploy the app to another machine with another hostname.

To be more concrete, let's say we go to this page:

The action contains multiple forwards, all of which will continue to be served by https since we started with an https url. But I want at least one of those forwards to return to the nonsecure site. (I also want to do the converse).

Anyone have some ideas on this?
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You will need to write a filter that will check to see if the page is using http or https. If the requested page is in a non-secure area, send a redirect to the user's browser with the corrected url. You can do the same going the other way from http to https.
What are you doing? You are supposed to be reading this tiny ad!
the value of filler advertising in 2021
    Bookmark Topic Watch Topic
  • New Topic