Struts 2 and SSL switching (part 2)
Setting up Tomcat with SSL
To set up Tomcat with SSL use this excellent documentation from the Tomcat user docs.On with the code
All our code is really done using the struts.xml, only in this case we are not mapping to an concrete action. The important bit of the struts.xml is as follows:
<package name="sslsecured-pages" extends="ssl-default" namespace="/sslsecured">
<interceptors>
<interceptor-stack name="secureStack">
<interceptor-ref name="secure">
<!--
The useAnnotation is set to false so that all actions in this pacakge
will be sent to SSL.
-->
<param name="useAnnotations">false</param>
</interceptor-ref>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<!--
Always include the SSL interceptor in our actions by setting it to be the default stack
-->
<default-interceptor-ref name="secureStack"/>
<action name="*" class="struts2you.struts2.action.BaseActionSupport">
<result name="success">/WEB-INF/pages/usr/sslsecured/{1}.jsp</result>
</action>
</package>
As you can see the the <package> extends ssl-default rather than struts-default and I have used a namespace of /sslsecured for my pages. If you did look inside the struts-ssl-plugin.jar then you will have been able to see that there is a struts-plugin.xml file that simply extends struts-default.xml. The struts-plugin.xml defines the SSLInterceptor that actually handles our SSL switching for us.
Creating a package in the above way is a simple way of keeping track of those pages that you need to be secured. Simply put them into the (in my case) /WEB-INF/pages/usr/sslsecured/ folder and as I have the:
<param name="useAnnotations">false</param>
it means that all pages and actions in this package are going to be handled over SSL.
All you need to do then is hit the above package with an action name of a jsp in your /WEB-INF/pages/usr/sslsecured/ folder. This is done as follows from a Struts 2 aware jsp page:
<s:url id="urlSSLProtectedPage" action="sslProtectedPage" namespace="/sslsecured" />
<s:a href="%{urlSSLProtectedPage}">Go to an SSL protected page</s:a>
This creates a hyperlink to /sslsecured/sslProtectedPage.action which due to the magic of wildcard mappings will redirect us to /WEB-INF/pages/usr/sslsecured/sslProtectedPage.jsp. Remember to import your Struts 2 taglib into the page that has the above code:
<%@ taglib prefix="s" uri="/struts-tags" %>
25.02.2009 12:00 - Posted by doahh - Comments: 0 - Java
Comments: