11.11. Configuring Actions to Require SSL
Problem
You want to control if HTTPS is required on a page-by-page basis.
Solution
Use the SSLEXT Struts extension.
Discussion
The Struts SSL Extension (SSLEXT), an open source Struts plug-in,
enables you to indicate if an action requires the secure
(https) protocol. Steve Ditlinger created and
maintains this project (with others), hosted at
http://sslext.sourceforge.net.
SSLEXT enables fine-grained secure protocol control by providing:
The ability to specify in the struts-config.xml file if an
actionshould require a secure protocol. This feature essentially allows your application to switch actions and JSP pages fromhttptohttps.Extensions of the Struts JSP tags that generate URLs that include the
httpsprotocol.
The SSLEXT distribution consists of a plug-in class for
initialization (SecurePlugIn), a custom request
processor (SecureRequestProcessor), and a custom
action mapping class (SecureActionMapping).
Warning
If you have been using custom RequestProcessor or
ActionMapping classes and you want to use SSLEXT,
you will need to change these classes to extend the corresponding
classes provided by SSLEXT.
For JSP pages, SSLEXT provides custom extensions of Struts tags for
generating protocol-specific URLs. A custom JSP allows you to
indicate if a JSP page requires https. SSLEXT depends on the Java Secure Socket Extension (JSSE). JSSE is included with JDK 1.4 or later. If you're using an older JDK, you can download JSSE from Sun's Java site. ...