I'm trying to replicate the behavior that occurs when you set CONFIDENTIAL to confidential in web.xml. If I do this, when I hit the index.jsp page of my webapp, I am automatically redirected to https://localhost/myappname. However, I have a different SSL port setup for testing, and I'd like to only switch on one page, the index.jsp page. So I've added the following scriplet to my index.jsp and it works great in Mozilla, but fails in IE. IE prompts me with the certificate information, and then gives a "Cannot Find Server" error. Any ideas?
<%
// TODO: Make this into a tag library
Boolean secureLogin = (Boolean)application.getAttribute(Constants.SECURE_LOGIN);
System.out.println("secureLogin: " + secureLogin);
if (secureLogin.booleanValue()) {
// make sure we're using https
if (request.getScheme().equals("http")) {
String redirectString = SslUtil.getRedirectString(request,
application,
true);
System.out.println("redirecting to: " + response.encodeRedirectURL(redirectString));
%>
<logic:redirect href="<%=response.encodeRedirectURL(redirectString)%>"/>
<%
}
}
%>
Everything looks the same in Tomcat's log when using either browser.
Erik gives us the heads up on a new W3C Proposal: an XML Encryption, Decription Standards. Just after I finished my first draft of my chapter on Security!! Arghh! Oh well, I'm sure there will be a 2nd and 3rd draft. I'll have to read this article and see if it's relevant. The first draft was due Sunday, I turned it in yesterday. It is supposed to include a sample application, and I'm still working on it.
I was up until 5 a.m. this morning working on it. I got Hibernate working nicely, and I can generate my Hibernate persistence layer and my Struts (validator) forms using xdoclet. Cool stuff, I did have to write the business tier to talk to hibernate, and I did have to write a Hibernate class (DAO) to talk to the persistence layer. Not as easy and clean as I'd hoped for, but now that the groundwork is laid, it'll probably be easier to move forward. It's pretty sweet that I can add a getter/setter to my POJO (actually it's an entity bean since that's the only way to generate struts forms using xdoclet) and I get a new column in the database and in both my VO (hibernate uses this) and my Form.
An interesting new extension came through the struts-dev mailing list today. It's called the "neteye actioncache" and is an extension that provides a simple but powerful caching facility for struts. It's features as are:
- Caching of binary and character data
- Support for URL based session tracking
- Allows to use multiple actions on a single page
- LRU caching policy
- Persistence
Pretty cool - don't know if I'll ever need it, but nice to know it exists. More information can be found at http://actioncache.neteye.de.
