AppFuseSecuritySettings |
|
Difference between version 4 and version 3:
| At line 26 added 36 lines. |
|
|
| ---- |
|
| !Force a page/action to use SSL |
| The simplest way is to add a tag to your {{.jsp}} file. |
| {{{ |
| <appfuse:secure/> |
| }}} |
|
| A couple of other methods from [this mail list thread|https://appfuse.dev.java.net/servlets/ReadMsg?list=users&msgId=112709]: |
|
| __1.__ Secure your Action programmatically by requiring that it uses https. This works, but doesn't encrypt any data between the user's browser and your action. Below is an example from ActionFilter. |
| {{{ |
| String redirectString = |
|     SslUtil.getRedirectString(request, |
|                               config.getServletContext(), |
|                               secure.booleanValue()); |
|
| if (redirectString != null) { |
|     if (log.isDebugEnabled()) { |
|         log.debug("protocol switch needed, redirecting to '" + |
|                   redirectString + "'"); |
|     } |
|
|     // Redirect the page to the desired URL |
|     response.sendRedirect(response.encodeRedirectURL(redirectString)); |
|
|     // ensure we don't chain to requested resource |
|     return; |
| } |
| }}} |
|
| __2.__ Secure URL patterns in web.xml with a security constraint that sets {{transport-guarantee}}. |
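
Method 2 as a {{web.xml}} fragment. This is an added example, not taken from AppFuse or the mail list thread; the resource name and the URL patterns are assumptions to replace with your own.

```xml
<!-- Added example: place inside <web-app> in WEB-INF/web.xml. -->
<security-constraint>
    <web-resource-collection>
        <!-- Label only; any descriptive name works (assumed value). -->
        <web-resource-name>SSL-only pages</web-resource-name>
        <!-- Assumed paths: list every page/action that must use SSL. -->
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/secure/*</url-pattern>
        <!-- No <http-method> elements, so the constraint covers all methods. -->
    </web-resource-collection>
    <!-- No <auth-constraint>: this block restricts transport only,
         it does not require the user to log in. -->
    <user-data-constraint>
        <!-- NONE (the default) allows plain http.
             CONFIDENTIAL makes the container require an encrypted
             connection for the URL patterns above. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

With CONFIDENTIAL set, a container such as Tomcat redirects plain-http requests for these patterns to its configured HTTPS port.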
|
| The problem with both of the above is that neither provides a mechanism for returning you *back* to http. One way is to use the JSP tag {{<appfuse:secure mode="unsecured"/>}}, or you could use SslUtil at the end of your action to switch back. |
|