SSLExt Configuration/Examples
SSLExt is available from Sourceforge. It's handy way to enforce encryption in your Struts application.
Needed: SSLExt.jar and SSLExt.tld (can get from the sample app supplied at Sourceforge.
- Place the jar in WEB-INF/lib and the tld in WEB-INF.
- Make the following changes to struts-config.xml.
- Change <action-mapping> to <action-mappings type="org.apache.struts.config.SecureActionConfig">
- After </action-mappings>, add <controller processorClass = "org.apache.struts.action.SecureTilesRequestProcessor" />
- Add
the SSLExt plugin:
<!-- SSLEXT PLUGIN -->
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="8080"/>
<set-property property="httpsPort" value="8443"/>
<set-property property="enable" value="true"/>
</plug-in>
(If using Apache as the secure server, change port values to 80 and 443 respectively) - To
make an action use
encryption, add:
<set-property property="secure" value="true"/> (set value="false" to go back to http).
Struts Action Example:
<action name="exampleForm" parameter="dispatch" path="/secureAction"
scope="session" type="com.domain.SecureAction" validate="false" input="anypage">
<set-property property="secure" value="true"/>
<forward name="success" path="goodPage"/>
<forward name="failure" path="errorPage"/>
</action>
- To force a link to use encryption:
<sslext:link action="/true" module="/modulefoo">text</sslext:link> - To
make a form submit securely:
<sslext:form action="/secureSubmit" ></sslext:form>
This posts to a secure action. - To
make a page only accept secure connections,
use:
<sslext:pageScheme secure="true" />
With all tags/values, true=secure (https), false=not-secure(http), any = either (https or http).
Suggestions? Comments? Use our contact page.
Back to programming examples and notes.
