• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts app on JRUN over HTTP/HTTPs in Apache

 
Ranch Hand
Posts: 430
Android VI Editor Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am writing a struts based application using struts 1.2. The application is supposed to switch between both HTTP and HTTPs. To be more precise, the only page that is supposed to run on SSL is the login page.

Now i am so confused how i should implement this. The main problem that i am having is i am not sure how the webserver supports SSL.

To make it even more confusing.. the application is developed and tested on Tomcat 5.0, i know that from within tomcat i can configure the tomcat webserver to run specific 'Actions' on secure sessions this is not a problem.

The actual problem is that the application will eventually be deployed on an Apache Webserver running JRUN. This is where the problem starts. I have googled around and have not been able to clarify whether Apache
supports SSL. I have seen some articles but it all looks way too confusing. So can somebody please clarify this for me.

one important thing to note is that i will not have access to the Apache webserver so configuring it is out of the question. I might probably be able to enable SSL (if i ask nicely).

Now this is what i need to know

0. Can a struts application be developed to run on SSL on JRUN/APACHE without the need to configure Apache? If not, what are the necessary configuration needed?
1. Does Apache support SSL?
2. Does JRun support SSL?
3. If i were to implement SSL on just the Login page, what is the best and quickest approach? (the target environment is JRUN on APACHE)

The application does not really need to use SSL keys coz that is not important(i.e. they dont want to pay for it ) All its supposed to do is ensure that the data transfered is over ssl.

can u help?

Any help will be greatly appreciated.
[ October 19, 2005: Message edited by: Ziggy - [The Oracle] ]
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"Ziggy - [The Oracle]",
we're a friendly bunch here at the Ranch, but we take the display name rule very seriously.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name. Accounts with invalid display names get deleted.

If you consider that I could have spent the time writing the warning reading your post instead, I hope you see the value in changing your display name promptly.

thanks,
Dave.
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are also going to move this thread to the Struts forum.

This forum is for Servlets only questions. Since your question is about Struts, then I think that forum is more appropriate.

Thanks

Mark
 
O. Ziggy
Ranch Hand
Posts: 430
Android VI Editor Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok guys sorry about that.. i didnt realise that nick names were not allowed. i've changed the name.
 
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ziggy - [The Oracle]:
Now this is what i need to know

0. Can a struts application be developed to run on SSL on JRUN/APACHE without the need to configure Apache? If not, what are the necessary configuration needed?

No. Any time you have a web server (Apache) communicating with an App server (JRUN), you need to be able to configure a plugin on the web server. If you can't configure the web server, it won't talk to the app server. Then there's the matter of SSL. You have to configure apache to use SSL.

1. Does Apache support SSL?

Plain old Apache does not support SSL, however Apache-SSL does. You could also configure plain old Apache to use openSSL.

2. Does JRun support SSL?

I'm not very familiar with JRun, but I'm sure it supports SSL. It really doesn't need to, though, because the SSL communication will be between the user's browser and the web server. The communication between the web server and the app server is probably over a secured network anyway, so SSL generally isn't necessary for that connection.

3. If i were to implement SSL on just the Login page, what is the best and quickest approach? (the target environment is JRUN on APACHE)

The application itself doesn't know or care whether the communication is via SSL. The only thing you need to worry about inside the application is to make sure the login page is being called with https:// instead of http://

The tricky part will be configuring the web server to use SSL.

My advice is to spend some time educating yourself on how SSL works. Here is a good URL to start with.

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html


The application does not really need to use SSL keys coz that is not important(i.e. they dont want to pay for it ) All its supposed to do is ensure that the data transfered is over ssl.


In SSL, you have no choice but to use digital certificates. The choice is between a self-signed certificate, which is free, and a certificate signed by a CA (Certifying Authority) which is not free. The trouble with using a self-signed certificate is that every time the SSL page comes up, the browser will warn the user that the certificate is self-signed.

 
reply
    Bookmark Topic Watch Topic
  • New Topic