- First of all you need to enable SSL for your server. For Tomcat you need to generate an openSSL keystore and add the following connector to server.xml:
<Connector port="8443" scheme="https" secure="true" SSLEnabled="true"keystoreFile="mykeystore" sslProtocol="TLS"keystorePass="keystore password" /> - To integrate SSL into your application I recommend Spring Security. It offers exactly what you want (login over HTTPS, then redirected to HTTP). All you have to do to implement it, is to set forceHTTPS to true:
<bean id="authenticationProcessingFilterEntryPoint"class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/pages/login.jsp" /><property name="forceHttps" value="true"/></bean> - Of course Spring and Spring security do have a rather steep learning curve, but it is totally worth it. Do it once and then you can apply it to new apps in less than an hour. You can use Spring Security in both the Spring and Struts application.
Second Way:
<http auto-config="true">
<form-login login-page="/login.jsp" />
<port-mappings>
<port-mapping http="8080" https="8443"/>
</port-mappings>
<intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
<intercept-url pattern="/*.do" requires-channel="any" access="ROLE_USER"/>
<logout />
</http>
<form-login login-page="/login.jsp" />
<port-mappings>
<port-mapping http="8080" https="8443"/>
</port-mappings>
<intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
<intercept-url pattern="/*.do" requires-channel="any" access="ROLE_USER"/>
<logout />
</http>
1 comments:
Write commentsNice post ....
Reply