The Jakarta Project < Velocity Tools - Struts >

Velocity Tools

VelocityStruts

VelocityStruts Tools

Other Subprojects

SecureLinkTool Reference Documentation
       

The SecureLinkTool extends the standard LinkTool and has the exact same interface as StrutsLinkTool and the same function. It should substitute the StrutsLinkTool in the toolbox if SSL Ext is installed. It's functionality is a subset of the functionality provided by the sslext tag library for JSP.

The SSL Ext. Struts extension package makes it possible to declare Struts actions secure, non-secure, or neutral in the struts config like so:


        <action path="/someSecurePath" type="some.important.Action">
            <set-property property="secure" value="true"/>
            <forward name="success" path="/somePage.vm" />
        </action>

If an action is declared secure the SecureLinkTool will render the relevant link as https (if not already in ssl-mode). In the same way, if an action is declared non-secure the SecureLinkTool will render the relevant link as http (if in ssl-mode). If the action is declared as neutral (with a "secure" property of "any") then the SecureLinkTool won't force a protocol change either way.
If the custom request processor is also used then a request will be redirected to the correct protocol if an action URL is manually entered into the browser with the wrong protocol

These are the steps needed to enable SSL Ext:

  • SSL connections need to be enabled on the webserver.
  • The Java Secure Socket Extension (JSSE) package needs to be in place (it's integrated into the Java 2 SDK Standard Edition, v. 1.4 but optional for earlier versions)
  • In toolbox.xml the SecureLinkTool should substitute the StrutsLinkTool
  • In struts-conf.xml the custom action-mapping class needs to be specified
  • In struts-conf.xml the custom controller class can optionally be specified (if the redirect feature is wanted)
  • In struts-conf.xml the SecurePlugIn needs to be added
  • In struts-conf.xml, when using Tiles, the SecureTilesPlugin substitues both the TilesPlugin and the SecurePlugIn and it also takes care of setting the correct controller so there is no need to specify the custom controller.
See Also
SSL Ext. project home
Class
 org.apache.velocity.tools.struts.SecureLinkTool
Name
 $link (this is the recommended name of the tool in the Velocity context)
Toolbox Configuration Example
 
<tool>
  <key>link</key>
  <scope>request</scope>
  <class>org.apache.velocity.tools.struts.SecureLinkTool</class>
</tool>
Author(s)
  Marino A. Jonsson
Copyright © 1999-2003, Apache Software Foundation