Mix protocols transparently in Web applications

Implement HTTP and HTTPS in a safe, flexible, and easily maintainable manner

1 2 3 Page 3
Page 3 of 3

Proposed integration into Struts

Our solution's best implementation would integrate the solution into the Struts framework itself. We could integrate the pageScheme custom tag into the Struts tag library with little or no difficulty.

Struts defines the ActionServlet class, an instance of which reads the Web application's struts-config.xml file at startup time. This instance also controls the execution of all the Web application's actions. Complete integration into Struts would require an additional attribute for the action element in struts-config.xml and an extension to the ActionServlet class. When an action is requested, the new attribute for the action element would specify which protocol to use. We could add two initialization parameters for ActionServlet in the web.xml file for defining the HTTP and HTTPS listening ports. We could add code to ActionServlet to discover these parameter values. Armed with this information and the specification of each action's transmission protocol, the ActionServlet itself could call the redirection logic.

These few changes to Struts would make our SSL implementation solution integral to the framework. In this way, our SSL solution implementation becomes nearly transparent to developers using Struts.

Protect data while enhancing performance

Through the redirect mechanism defined in the Servlet API, we can implement a mixed HTTP/HTTPS Web application in a manner completely transparent to the user. In this way, Web resources requiring SSL are guaranteed transmission via HTTPS. Web resources that do not require SSL are guaranteed transmission via HTTP. This implementation protects sensitive data and enhances Website performance. Through JSP custom tags and a servlet base class, this capability adds little complexity to Web application development. By combining this solution with an external configuration method, Web application maintenance becomes much simpler than other commonly employed solutions. You can also implement this solution using the Struts Web application framework. While this solution works well with Struts, integrating it into Struts as an extension to the framework would prove ideal.

Acknowledgments

I would like to thank Max Cooper, Prakash Malani, and Danny Trieu for their help and inspiration in preparing this article.

Steve Ditlinger is a senior software engineer at eBuilt, Inc. in Irvine, Calif. He has more than 13 years' experience in software development at both large and small companies in Southern California. He has extensive experience in developing enterprise, e-commerce, and other Internet application systems using Java and J2EE technologies for clients in many different industries. In addition, he currently teaches courses in Java and JDBC (Java Database Connectivity) at the California State Polytechnic University at Pomona. He holds bachelor's and master's degrees in engineering from Purdue University.

Learn more about this topic

1 2 3 Page 3
Page 3 of 3