|
|
Recommended: Sing it, brah! 5 fabulous songs for developers
JW's Top 5
Featured White Papers
- Measuring Risk to Improve Java Software Quality
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
-
Graph databases are 1000x faster than relational.
Learn More!
-
Career opportunities at Harman- Careers That'll Rock Your Socks Off.
Learn More!
-
Developer-friendly Java PDF libraries by Qoppa Software
Live Demos
-
Stop blaming your app! Diagnose Java performance issues.
Free tool >
-
UrbanCode: Go From Continuous Integration to
Continuous DeliveryLearn More!
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Mix protocols transparently in Struts
Extend Struts to implement a mixed protocol solution for Web applications
Page 2 of 6
<servlet id="Servlet_1">
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<!-- Struts Config -->
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<!- other initialization parameters -->
<load-on-startup>1</load-on-startup>
</servlet>
The config initialization parameter defines the location of the Struts definition file, struts-config.xml.
To correctly distinguish Struts action requests, we create a servlet-mapping entry in the deployment descriptor, indicating that any URL request matching the pattern /do/* should forward to ActionServlet. That entry looks like this:
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/do/*</url-pattern>
</servlet-mapping>
For example, the ActionServlet will process a request to the URL /do/myAction, whereas it won't process a request to /doMyAction.
A typical action definition entry in the struts-config.xml file resembles this:
<action path="/myAction" type="test.ssl.MyAction" >
<forward name="success" path="/home.jsp" />
<forward name="failure" path="/error.jsp" />
</action>
This entry specifies that the test.ssl.MyAction class will execute the action named myAction. In addition to whatever request-processing logic MyAction contains, it also includes logic to determine which Web resource named in the forward tags to forward the request to. The MyAction class, or any class defined as an action, must extend the org.apache.struts.action.Action class. The Action class includes a method named perform() for processing HTTP (or HTTPS) requests. When extending Action to define a Struts action, you should override perform() to define logic similar to what you might define in a servlet's doGet() or doPost() methods. ActionServlet calls this perform() method when it processes a Struts action request.
When a Struts Web application deploys, the ActionServlet reads the struts-config.xml file and creates a mapping for each action defined therein for its specified class type and forward page elements. Each mapping
is stored within an ActionMapping class instance, also found in the org.apache.struts.action package. ActionMapping contains a property for every attribute or child element of the action file element. All ActionMapping instances are then stored in an ActionMappings class instance. Figure 1 displays the diagram for these four classes.
Figure 1. UML diagram of the Struts 1.0 action-processing classes
Putting it all together, we see that when the ActionServlet receives a request, it searches its associated ActionMappings object to find the specific ActionMapping instance with the same name as the Struts action specified in the request. The ActionServlet then creates an instance of the Action subclass mapped to that action (if an instance does not already exist) and calls the perform() method on that instance.
For good measure, Struts also includes numerous custom tags to aid in JSP development. These tags are grouped into four libraries: bean, html, logic, and template.
Extend Struts
To incorporate our protocol-switching mechanism as a Struts extension, we first need a way to specify which action requests
should transmit securely via HTTPS and which should transmit using HTTP. We specify that information in the struts-config.xml file.
Adding an attribute to the action tag element for specifying this secure/nonsecure choice appears tempting. However, that would require us to alter that file's
document type definition (DTD), an action we should avoid. Fortunately, Struts provides a mechanism for easily adding properties
to an action mapping: the set-property tag element. This subelement of the action tag element allows us to specify a property name and value for our action definition. After adding this element, our action
definition now looks like this:
<action path="/myAction" type="test.ssl.MyAction" >
<set-property property="secure" value="true"/>
<forward name="success" path="/home.jsp" />
<forward name="failure" path="/error.jsp" />
</action>
We will use the secure property as a flag where a value of true specifies transmission via HTTPS and false specifies HTTP. In our mixed protocol solution for this case, if ActionServlet receives a request for myAction via HTTP, ActionServlet will redirect that request back to myAction via HTTPS.
To use this new property, we define our own extension to the ActionMapping class named SecureActionMapping, which simply specifies the secure property addition. Here is the class definition:
package org.apache.struts.action;
public class SecureActionMapping extends ActionMapping {
protected boolean secure;
public void setSecure(boolean b){
this.secure = b;
}
public boolean getSecure(){
return this.secure;
}
}
To actually use SecureActionMapping, we must tell the ActionServlet to use that class instead of ActionMapping. Struts again provides a mechanism for doing that: the ActionServlet's servlet entry in the web.xml deployment descriptor file. We simply need to add another initialization parameter, mapping, to tell ActionServlet which class to use for action mappings. The restriction: The class specified in the mapping element must extend ActionMapping. The ActionServlet's web.xml entry now looks like this:
<servlet id="Servlet_1">
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<!-- Struts Config -->
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>mapping</param-name>
<param-value>org.apache.struts.action.SecureActionMapping</param-value>
</init-param>
<!- other initialization parameters -->
<load-on-startup>1</load-on-startup>
</servlet>
Now when ActionServlet parses the struts-config.xml file, it creates a SecureActionMapping instance for every action defined in that file. When it encounters a set-property element for the secure property, ActionServlet uses introspection to find the secure property mutator method, setSecure(), on that SecureActionMapping instance. ActionServlet's parsing logic is also smart enough to convert the specified value into the correct Boolean value.
- Feedback
More from JavaWorld
Resources
- Download the source code and resource files that accompany this article
http://www.javaworld.com/javaworld/jw-05-2002/struts/jw-0510-struts.zip - Information about Apache's Struts project, including links to tutorials, user guide, and Javadocs
http://jakarta.apache.org/struts/index.html - Read the Java Servlet Specification 2.3 for the latest servlet deployment descriptor and API information
ftp://ftp.java.sun.com/pub/servlet/135790dwh/servlet-2_3-fcs-spec.pdf - Still the definitive text for learning and relearning Java ServletsJava Servlet Programming, Second Edition, Jason Hunter and William Crawford (O'Reilly & Associates, 2001; ISBN0596000405)
http://www.amazon.com/exec/obidos/ASIN/0596000405/javaworld - The source for JSP information and links to many more sources and custom tag libraries
http://java.sun.com/products/jsp/index.html - Learn JSP and how to create your own custom tagsWeb Development with JavaServer Pages, Duane K. Fields and Mark A. Kolb (Manning Publications, 2000; ISBN1884777996)
http://www.amazon.com/exec/obidos/ASIN/1884777996/javaworld - Build your own custom JSP tags with Tomcat in "Encapsulate Reusable Functionality in JSP Tags," Simon Brown (JavaWorld, August 2000)
http://www.javaworld.com/javaworld/jw-08-2000/jw-0811-jsptags.html - "Mix Protocols Transparently in Web Applications," Steve Ditlinger (JavaWorld, February 2002)
http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html - Search the Security section of JavaWorld's Topical Index
http://www.javaworld.com/channel_content/jw-security-index.shtml - Search the JavaServer Pages section of JavaWorld's Topical Index
http://www.javaworld.com/channel_content/jw-jsp-index.shtml - Search the Servlets section of JavaWorld's Topical Index
http://www.javaworld.com/channel_content/jw-servlets-index.shtml - Sign up for JavaWorld's free weekly email newsletters
http://www.javaworld.com/jw-subscribe - Share your thoughts on SSL with your fellow developers in JavaWorld's Java Security discussion
http://forums.idg.net/webx?50@@.ee6b80e - You'll find a wealth of IT-related articles from our sister publications at IDG.net
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2013 Infoworld, Inc. All rights reserved.