|
|
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Page 5 of 6
We code this behavior into an html:form tag extension called sslext:form by extending the class org.apache.struts.taglib.FormTag with our own org.apache.struts.taglib.SecureFormTag class. As an example of this tag in use, assume a JSP transmitted using HTTP contained the following two forms:
<sslext:form action="/secureAction" >
<!- The form's input elements specified here -->
</sslext:form>
<sslext:form action="/nonsecureAction" >
<!- The form's input elements specified here -->
</sslext:form>
The resulting HTML would look like this:
<form name="testForm" method="POST"
action="https://localhost:8443/testssl/do/secureAction">
<!- The form's input elements specified here -->
</form>
<form name="testForm" method="POST" action="/testssl/do/nonsecureAction">
<!- The form's input elements specified here -->
</form>
The use of this new custom tag should eliminate any redirects that might otherwise have occurred during form submissions.
Struts also provides a custom html:link tag. You substitute this tag for the HTML a to specify anchors or links to other Web resources. The custom tag also offers other features, such as the ability to build
a query string from specified bean component properties and add that query string to the specified link.
Applying the same logic outlined for our sslext:form custom tag, we extend the html:link to exhibit the same behavior. This tag extension, called sslext:link, renders HTML a tags that link directly to the specified actions using the correct protocol. This will further minimize the number of redirects
performed by our mixed protocol solution's implementation. Our original and new extension classes: org.apache.struts.taglib.FormTag and org.apache.struts.taglib.SecureFormTag, respectively.
For an example of our new sslext:link custom tag, assume a JSP transmitted using HTTPS includes the following two links:
<sslext:link page="/do/secureLinkAction" >Secure Link</sslext:link> <br> <sslext:link page="/do/nonsecureLinkAction" >Non-Secure Link</sslext:link>
The resulting HTML:
<a href="/testssl/do/secureLinkAction">Secure Link</a> <br> <a href="http://localhost:8080/testssl/do/nonsecureLinkAction">Non-Secure Link</a>
Had the same page been transmitted via HTTP, the resulting HTML would be:
<a href="https://localhost:8443/testssl/do/secureLinkAction">Secure Link</a> <br> <a href="/testssl/do/nonsecureLinkAction">Non-Secure Link</a>
Through the use of these two new custom tags, a Struts action request should generate a redirect as part of our solution in two instances only:
secure property specification
Redirects would still be required for a JSP that utilizes the sslext:pageScheme tag to specify a protocol that fails to match the protocol of the Struts action that forwarded to it.
After my first article published, many developers told me they had faced the mixed protocol problem multiple times and had longed for a solution such as the one I presented. The solution's flexibility lets you easily change a Web resource's transmission protocol specification any time during development or even after deployment. Combining that strength with the power of Struts and then building upon that framework produces an even greater tool. Because Struts is an open source framework, it relies upon the innovation and contribution from numerous developers. The ease with which you can extend Struts encourages this innovation.