It's always a pain when you try to mix secure (http) and (https) pages in Struts 1.x. Struts doesn't provide a built-in support for that. So here's a little Servlet Filter that can help in these kind of situations. The beauty of this approach is that it's non-intrusive so you don't really need to make any changes to your Struts application. All you need to do is put the Strut Action Names of the actions that need to be served securely in secureActions Set and the actions that don't care about the request scheme in dependantActions Set and Voila! .... just don't forget to put the filter definition is your web.xml ;)
public class RequestSchemeFilter implements Filter {
private static final String strutsExtention = ".do";
private final Set<String> secureActions = new HashSet<String>();
private final Set<String> dependantActions = new HashSet<String>();
public RequestSchemeFilter() {
secureActions.add("login");
secureActions.add("userAccount");
secureActions.add("checkOut");
dependantActions.add("dynamicCSS");
}
public void init(final FilterConfig config) throws ServletException {
}
public void destroy() {
}
public void doFilter(final ServletRequest servletRequest,
final ServletResponse servletResponse, final FilterChain filterChain)
throws IOException, ServletException {
boolean stopChain = false;
try {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final String requestUri = request.getRequestURI();
final String requestUrl = request.getRequestURL().toString();
final String queryString = request.getQueryString();
final String requestScheme = request.getScheme();
final String actionNameWithExtention = requestUri.substring(requestUri.lastIndexOf('/') + 1);
final String actionName = actionNameWithExtention.substring(0, actionNameWithExtention.length() -
strutsExtention.length());
final StringBuilder originalUrl = new StringBuilder();
originalUrl.append(requestUrl);
if (StringUtils.isNotBlank(queryString)) {
originalUrl.append('?').append(queryString);
}
if (!"https".equalsIgnoreCase(requestScheme) && secureActions.contains(actionName)) {
final String newUrl = toSecure(requestUrl, queryString);
final HttpServletResponse response = (HttpServletResponse) servletResponse;
response.sendRedirect(newUrl.toString());
stopChain = true;
} else if ("https".equalsIgnoreCase(requestScheme) && !secureActions.contains(actionName)
&& !dependantActions.contains(actionName)) {
final String newUrl = toUnsecure(requestUrl, queryString);
final HttpServletResponse response = (HttpServletResponse) servletResponse;
response.sendRedirect(newUrl.toString());
stopChain = true;
}
} catch (final Exception e) {
//not important
}
if (!stopChain) {
filterChain.doFilter(servletRequest, servletResponse);
}
}
private static String toSecure(final String requestUrl, final String queryString) {
final StringBuilder newUrl = new StringBuilder();
newUrl.append("https://");
newUrl.append(requestUrl.substring(requestUrl.indexOf("://") + 3));
if (StringUtils.isNotBlank(queryString)) {
newUrl.append('?').append(queryString);
}
return newUrl.toString();
}
private static String toUnsecure(final String requestUrl, final String queryString) {
final StringBuilder newUrl = new StringBuilder();
newUrl.append("http://");
newUrl.append(requestUrl.substring(requestUrl.indexOf("://") + 3));
if (StringUtils.isNotBlank(queryString)) {
newUrl.append('?').append(queryString);
}
return newUrl.toString();
}
}
|
Take your first step in building a better competitive edge by contacting us today.
What We Do
