81,094
社区成员
发帖
与我相关
我的任务
分享struts2 SSL 插件问题
最近在做一个网站,用的是Struts2,因为注册的画面和购物的画面要用到SSL,按照
那么就要把struts2的action中在这之中切换,于是找到SSL的一个
struts2的一个插件:
http://code.google.com/p/struts2-ssl-plugin/
大致讲解下:
首先当然把包COPY到lib下了;
之后在struts.xml中设置:
<constant name="struts2.sslplugin.httpPort" value="8085"/>
<constant name="struts2.sslplugin.httpsPort" value="8443"/>
<package name="default" extends="ssl-default">
注意,default里可以继承这个ssl-default,因为其实这个ssl-default也是继承
struts-default的,放心用
之后在你要某个SSL的方法前,用注释,就行了:
@Secured
public String execute1() throws Exception {
log.info("Inside execute1() method");
return SUCCESS;
}
如果要整个类都要SSL,则
@Secured
public class IndexAction extends ActionSupport {
以上的设置,注册画面好用,但是到购物画面的时候,因为不是所有事件都加密,只有在个别方法的时候加密,就在单个方法加@Secured 了,但是如果是href链接到这个方法好用,如果是sumbit提交的话,就跳转不到这个方法,哪位高手能解决一下,是不是跟什么重定向有关系啊,我看了插件里的好像用的是重定向,插件过滤流代码一下:
/*jadclipse*/package com.googlecode.sslplugin.interceptors;
import com.googlecode.sslplugin.annotation.Secured;
import com.opensymphony.xwork2.*;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.lang.reflect.Method;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class SSLInterceptor extends AbstractInterceptor {
public SSLInterceptor() {
/* 33*/useAnnotations = true;
/* 49*/log.info("Intializing SSLInterceptor");
}
public String intercept(ActionInvocation invocation) throws Exception {
/* 59*/ActionContext context = invocation.getInvocationContext();
/* 60*/HttpServletRequest request = (HttpServletRequest) context.get("com.opensymphony.xwork2.dispatcher.HttpServletRequest");
/* 62*/HttpServletResponse response = (HttpServletResponse) context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse");
/* 66*/String scheme = request.getScheme().toLowerCase();
/* 69*/String method = request.getMethod().toUpperCase();
/* 77*/Object action = invocation.getAction();
/* 78*/Method method2 = getActionMethod(
action.getClass(),
invocation.getProxy().getMethod());
/* 81*/if (!isUseAnnotations()
|| action.getClass().isAnnotationPresent(
com / googlecode / sslplugin / annotation / Secured)
|| method2.isAnnotationPresent(com
/ googlecode / sslplugin / annotation / Secured)) {
/* 84*/if (("GET".equals(method) || "POST".equals(method))
&& "http".equals(scheme)) {
/* 87*/int httpsPort = getHttpsPort() != null ? Integer.parseInt(getHttpsPort())
: 8443;
/* 89*/URI uri = new URI(
"https", null, request.getServerName(), httpsPort,
response.encodeRedirectURL(request.getRequestURI()),
request.getQueryString(), null);
/* 93*/log.info((new StringBuilder()).append(
"Going to SSL mode, redirecting to ")
.append(uri.toString())
.toString());
/* 95*/response.sendRedirect(uri.toString());
/* 96*/return null;
}
}
else
/* 103*/if (("GET".equals(method) || "POST".equals(method))
&& "https".equals(scheme)) {
/* 106*/int httpPort = getHttpPort() != null ? Integer.parseInt(getHttpPort())
: 8080;
/* 108*/URI uri = new URI(
"http", null, request.getServerName(), httpPort,
response.encodeRedirectURL(request.getRequestURI()),
request.getQueryString(), null);
/* 112*/log.info((new StringBuilder()).append(
"Going to non-SSL mode, redirecting to ")
.append(uri.toString())
.toString());
/* 114*/response.sendRedirect(uri.toString());
/* 115*/return null;
}
/* 119*/return invocation.invoke();
}
protected Method getActionMethod(Class actionClass, String methodName)
throws NoSuchMethodException {
Method method;
/* 126*/try {
/* <-MISALIGNED-> *//* 126*/method = actionClass.getMethod(
methodName,
new Class[0]);
}
/* <-MISALIGNED-> *//* 127*/catch (NoSuchMethodException e) {
/* <-MISALIGNED-> *//* 130*/try {
/* <-MISALIGNED-> *//* 130*/String altMethodName = (new StringBuilder()).append(
"do")
.append(methodName.substring(0, 1).toUpperCase())
.append(methodName.substring(1))
.toString();
/* <-MISALIGNED-> *//* 131*/method = actionClass.getMethod(
altMethodName,
new Class[0]);
}
/* <-MISALIGNED-> *//* 132*/catch (NoSuchMethodException e1) {
/* <-MISALIGNED-> *//* 134*/throw e;
}
}
/* <-MISALIGNED-> *//* 137*/return method;
}
public String getHttpsPort() {
/* <-MISALIGNED-> *//* 142*/return httpsPort;
}
public void setHttpsPort(String httpsPort) {
/* <-MISALIGNED-> *//* 146*/this.httpsPort = httpsPort;
}
public String getHttpPort() {
/* <-MISALIGNED-> *//* 150*/return httpPort;
}
public void setHttpPort(String httpPort) {
/* <-MISALIGNED-> *//* 154*/this.httpPort = httpPort;
}
public boolean isUseAnnotations() {
/* <-MISALIGNED-> *//* 158*/return useAnnotations;
}
public void setUseAnnotations(boolean useAnnotations) {
/* <-MISALIGNED-> *//* 162*/this.useAnnotations = useAnnotations;
}
private static Log log = LogFactory.getLog(com
/ googlecode / sslplugin / interceptors / SSLInterceptor);
private String httpsPort;
private String httpPort;
private boolean useAnnotations;
static final int HTTP_PORT = 8080;
static final int HTTPS_PORT = 8443;
static final String HTTP_GET = "GET";
static final String HTTP_POST = "POST";
static final String SCHEME_HTTP = "http";
static final String SCHEME_HTTPS = "https";
}
/*
DECOMPILATION REPORT
Decompiled from: C:\Tomcat5.5\webapps\ccsr-aoba\WEB-INF\lib\struts2-ssl-plugin-1.0.jar
Total time: 1515 ms
Jad reported messages/errors:
Exit status: 0
Caught exceptions:
*/
那么就要把struts2的action中在这之中切换,于是找到SSL的一个
struts2的一个插件:
http://code.google.com/p/struts2-ssl-plugin/
大致讲解下:
首先当然把包COPY到lib下了;
之后在struts.xml中设置:
<constant name="struts2.sslplugin.httpPort" value="8085"/>
<constant name="struts2.sslplugin.httpsPort" value="8443"/>
<package name="default" extends="ssl-default">
注意,default里可以继承这个ssl-default,因为其实这个ssl-default也是继承
struts-default的,放心用
之后在你要某个SSL的方法前,用注释,就行了:
@Secured
public String execute1() throws Exception {
log.info("Inside execute1() method");
return SUCCESS;
}
如果要整个类都要SSL,则
@Secured
public class IndexAction extends ActionSupport {
以上的设置,注册画面好用,但是到购物画面的时候,因为不是所有事件都加密,只有在个别方法的时候加密,就在单个方法加@Secured 了,但是如果是href链接到这个方法好用,如果是sumbit提交的话,就跳转不到这个方法,哪位高手能解决一下,是不是跟什么重定向有关系啊,我看了插件里的好像用的是重定向,插件过滤流代码一下:
/*jadclipse*/package com.googlecode.sslplugin.interceptors;
import com.googlecode.sslplugin.annotation.Secured;
import com.opensymphony.xwork2.*;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.lang.reflect.Method;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class SSLInterceptor extends AbstractInterceptor {
public SSLInterceptor() {
/* 33*/useAnnotations = true;
/* 49*/log.info("Intializing SSLInterceptor");
}
public String intercept(ActionInvocation invocation) throws Exception {
/* 59*/ActionContext context = invocation.getInvocationContext();
/* 60*/HttpServletRequest request = (HttpServletRequest) context.get("com.opensymphony.xwork2.dispatcher.HttpServletRequest");
/* 62*/HttpServletResponse response = (HttpServletResponse) context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse");
/* 66*/String scheme = request.getScheme().toLowerCase();
/* 69*/String method = request.getMethod().toUpperCase();
/* 77*/Object action = invocation.getAction();
/* 78*/Method method2 = getActionMethod(
action.getClass(),
invocation.getProxy().getMethod());
/* 81*/if (!isUseAnnotations()
|| action.getClass().isAnnotationPresent(
com / googlecode / sslplugin / annotation / Secured)
|| method2.isAnnotationPresent(com
/ googlecode / sslplugin / annotation / Secured)) {
/* 84*/if (("GET".equals(method) || "POST".equals(method))
&& "http".equals(scheme)) {
/* 87*/int httpsPort = getHttpsPort() != null ? Integer.parseInt(getHttpsPort())
: 8443;
/* 89*/URI uri = new URI(
"https", null, request.getServerName(), httpsPort,
response.encodeRedirectURL(request.getRequestURI()),
request.getQueryString(), null);
/* 93*/log.info((new StringBuilder()).append(
"Going to SSL mode, redirecting to ")
.append(uri.toString())
.toString());
/* 95*/response.sendRedirect(uri.toString());
/* 96*/return null;
}
}
else
/* 103*/if (("GET".equals(method) || "POST".equals(method))
&& "https".equals(scheme)) {
/* 106*/int httpPort = getHttpPort() != null ? Integer.parseInt(getHttpPort())
: 8080;
/* 108*/URI uri = new URI(
"http", null, request.getServerName(), httpPort,
response.encodeRedirectURL(request.getRequestURI()),
request.getQueryString(), null);
/* 112*/log.info((new StringBuilder()).append(
"Going to non-SSL mode, redirecting to ")
.append(uri.toString())
.toString());
/* 114*/response.sendRedirect(uri.toString());
/* 115*/return null;
}
/* 119*/return invocation.invoke();
}
protected Method getActionMethod(Class actionClass, String methodName)
throws NoSuchMethodException {
Method method;
/* 126*/try {
/* <-MISALIGNED-> *//* 126*/method = actionClass.getMethod(
methodName,
new Class[0]);
}
/* <-MISALIGNED-> *//* 127*/catch (NoSuchMethodException e) {
/* <-MISALIGNED-> *//* 130*/try {
/* <-MISALIGNED-> *//* 130*/String altMethodName = (new StringBuilder()).append(
"do")
.append(methodName.substring(0, 1).toUpperCase())
.append(methodName.substring(1))
.toString();
/* <-MISALIGNED-> *//* 131*/method = actionClass.getMethod(
altMethodName,
new Class[0]);
}
/* <-MISALIGNED-> *//* 132*/catch (NoSuchMethodException e1) {
/* <-MISALIGNED-> *//* 134*/throw e;
}
}
/* <-MISALIGNED-> *//* 137*/return method;
}
public String getHttpsPort() {
/* <-MISALIGNED-> *//* 142*/return httpsPort;
}
public void setHttpsPort(String httpsPort) {
/* <-MISALIGNED-> *//* 146*/this.httpsPort = httpsPort;
}
public String getHttpPort() {
/* <-MISALIGNED-> *//* 150*/return httpPort;
}
public void setHttpPort(String httpPort) {
/* <-MISALIGNED-> *//* 154*/this.httpPort = httpPort;
}
public boolean isUseAnnotations() {
/* <-MISALIGNED-> *//* 158*/return useAnnotations;
}
public void setUseAnnotations(boolean useAnnotations) {
/* <-MISALIGNED-> *//* 162*/this.useAnnotations = useAnnotations;
}
private static Log log = LogFactory.getLog(com
/ googlecode / sslplugin / interceptors / SSLInterceptor);
private String httpsPort;
private String httpPort;
private boolean useAnnotations;
static final int HTTP_PORT = 8080;
static final int HTTPS_PORT = 8443;
static final String HTTP_GET = "GET";
static final String HTTP_POST = "POST";
static final String SCHEME_HTTP = "http";
static final String SCHEME_HTTPS = "https";
}
/*
DECOMPILATION REPORT
Decompiled from: C:\Tomcat5.5\webapps\ccsr-aoba\WEB-INF\lib\struts2-ssl-plugin-1.0.jar
Total time: 1515 ms
Jad reported messages/errors:
Exit status: 0
Caught exceptions:
*/
...全文
请发表友善的回复…
发表回复
聆听随风 2013-05-08
- 打赏
- 举报
如何从http跳转到https呢以及从https跳转到http呢
曾经是个娃 2011-12-21
- 打赏
- 举报
各种jar包冲突和版本问题 都凸显出来了
sunyoulao 2011-03-22
- 打赏
- 举报
你可以尝试下将需要执行的方法,即包含该方法的action配置在继承了ssl-default包的包下。即将action配置在
<package name="sunyou" namespace="/com/sunyou" extends="ssl-default">
<action><!--将你要执行的方法配置此处试试--></action>
</package>
如果还是不行,可以差看我的博客http://blog.csdn.net/sunyoulao/archive/2011/03/22/6267485.aspx
该文章就是针对你的问题从头到尾演示了。我的演示一切都正常。希望对你会有帮助。
<package name="sunyou" namespace="/com/sunyou" extends="ssl-default">
<action><!--将你要执行的方法配置此处试试--></action>
</package>
如果还是不行,可以差看我的博客http://blog.csdn.net/sunyoulao/archive/2011/03/22/6267485.aspx
该文章就是针对你的问题从头到尾演示了。我的演示一切都正常。希望对你会有帮助。
fjbperfect 2011-01-31
- 打赏
- 举报
这个插件用post方法会有问题,还有对服务器环境配置也有要求的,建议自己写SSL拦截器
