

  • Lars

    Lars - 2003-12-03


    I'm also in the process of installing sslext. Unfortunately there seems to be no documentation at all.

    So I tried a quick&dirty documentation of the installation steps I did using struts 1.1 and sslext:

    copy sslext.tld to yourapp\WEB-INF
    copy sslext.jar to yourapp\WEB-INF\lib

    add to struts-config.xml:
    <action-mappings type="org.apache.struts.config.SecureActionConfig">
        ...
    </action-mappings>
    <plug-in className="org.apache.struts.action.SecurePlugIn">
        <set-property property="httpPort" value="8080"/>
        <set-property property="httpsPort" value="8443"/>
        <set-property property="enable" value="true"/>
    </plug-in>

    3) possibilities to secure a page
    a) editing jsp directly
    <%@ taglib uri="/WEB-INF/sslext.tld" prefix="sslext"%>
    <sslext:pageScheme secure="true" /> (values: true|false|any)

    b) editing struts-config.xml (preferred)
    <action ...> ...
        <set-property property="secure" value="true"/> (values: true|false|any)
    ... </action>

    Unfortunately I can only use 3a). 3b) seems to get ignored in my application.

    Anyway, I hope I could help others. Maybe there is someone who writes a short manual. Anything will be appreciated.

    Also refer to


    • Steve Ditlinger

      Steve Ditlinger - 2003-12-09


      Step 2 should include adding the following optional line to the struts-config:
        <controller processorClass="org.apache.struts.action.SecureRequestProcessor" />

      I say optional because you should only include it if you want the automatic redirecting behavior if/when an action is requested using the "wrong" protocol.  Without this line, the sslext:link, sslext:form tags etc will continue to work.

    • Matthew S. Ring

      Matthew S. Ring - 2004-03-09

      I followed ALL the instructions in this thread and everything worked fine -- even 3b!  Thank you!

      -Matthew S. Ring

      • Don

        Don - 2004-03-09

        Mine is also working with the directions provided.  I'm using Tiles so I made one more mod to my struts.config file.  Essentially, I changed org.apache.struts.action.SecureRequestProcessor to org.apache.struts.action.SecureTilesRequestProcessor.

        <controller processorClass="org.apache.struts.action.SecureTilesRequestProcessor"/>
        <message-resources parameter="D2Messages" null="false"/>
        <message-resources parameter="D2ERPCodes" null="false" key="D2ERPCodes"/>

    • Al Capone KRC

      Al Capone KRC - 2005-03-01

      Thank you guys. I can't even tell how much you helped me. I was starting to kill myself using mouse wire ;)

    • ur4

      ur4 - 2005-03-14

      Could someone post a more complete example of a struts-config.xml file that specifies an action as 'secure'? I'm having the same problem Lars mentioned: 3a works fine but 3b seems to be ignored.


    • Nam Nguyen

      Nam Nguyen - 2005-04-03

      Hi all,

      I've tried everything I've read but to no avail. I used JBoss 4.0.1, and the error I got is:

      HTTP Status 404 - Servlet action is not available


      type Status report

      message Servlet action is not available

      description The requested resource (Servlet action is not available) is not available.


      Apache Tomcat/5.0.28

      Much appreciated if you could point out what might have been the cause. Thanks.

      ---Nam Nguyen

    • Hamish

      Hamish - 2006-01-26

      In reply to ur4...

      Use Steve's step 2 (he wrote it after all so ought to know). As I understand it, this is required because the action could be called from the wrong protocol, so you need to be able to handle this and force your will on the pesky thing. If it's any consolation, it's taken me ages to get this working, but when you do it's very slick indeed - cheers Steve et al.

      For those that were like me two days ago and totally lost in the absence of documentation, read on

      1) get the source for your version of struts from the forge and paste into your project source directory (.jar file isn't there anymore)

      I got the .tld from the demo app (which didn't work :) in Steve's article mentioned above - stick it in WEB-INF

      then use this cut down struts-config.xml for an app using tiles and DispatchAction as a template..

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
        "http://jakarta.apache.org/struts/dtds/struts-config_1_2.dtd">
      <struts-config>

      <form-beans>
        <form-bean name="homeForm" type=""/>
      </form-beans>

      <!-- Mapping class from the installation steps earlier in this thread;
           it carries the per-action "secure" property -->
      <action-mappings type="org.apache.struts.config.SecureActionConfig">

        <action name="myForm" parameter="dispatch" path="/myFirstAction"
         scope="session" type="com.domain.MyFirstAction" validate="false" input=".input_page">

         <set-property property="secure" value="true"/>

         <forward name="goRight" path=".right_page"/>
         <forward name="goLeft" path=".left_page"/>
        </action>

        <action name="herForm" parameter="dispatch" path="/herAction"
         scope="session" type="com.domain.HerAction" validate="false" input=".her_page">

         <set-property property="secure" value="false"/>

         <forward name="anywhere" path=".anywhere_page"/>
        </action>

      </action-mappings>

      <controller processorClass="org.apache.struts.action.SecureTilesRequestProcessor" />

      <message-resources parameter="resources.ApplicationResources"/>

      <!--Tiles Plugin-->
      <plug-in className="org.apache.struts.tiles.TilesPlugin">
        <set-property property="definitions-config" value="/WEB-INF/tiles-defs.xml"/>
        <set-property property="moduleAware" value="true"/>
      </plug-in>

      <!-- Validator Configuration -->
      <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property property="pathnames" value="/WEB-INF/validator-rules.xml, /WEB-INF/validation.xml"/>
      </plug-in>

      <!-- SSLEXT PLUGIN -->
      <plug-in className="org.apache.struts.action.SecurePlugIn">
          <set-property property="httpPort" value="8080"/>
          <set-property property="httpsPort" value="8443"/>
          <set-property property="enable" value="true"/>
      </plug-in>

      </struts-config>


      Note: if you're using e.g. Apache httpd server to handle the SSL, simply specify the ports you're using (default 80 and 443) instead of 8080 and 8443

      Happy Coding
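
Added example (not part of any post in this thread, and not sslext project code): a small Python check that a struts-config.xml contains the three pieces the posts above describe (the SecureActionConfig mapping type, a Secure request processor, an enabled SecurePlugIn) and reports each action's `secure` value. The sample config and its `com.example` class names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SECURE_MAPPING = "org.apache.struts.config.SecureActionConfig"
SECURE_PLUGIN = "org.apache.struts.action.SecurePlugIn"
SECURE_PROCESSORS = {
    "org.apache.struts.action.SecureRequestProcessor",
    "org.apache.struts.action.SecureTilesRequestProcessor",
}

def props(elem):
    """Collect the <set-property> children of an element as a dict."""
    return {p.get("property"): p.get("value") for p in elem.findall("set-property")}

def audit(xml_text):
    """Return (problems, schemes): missing sslext wiring and each action's 'secure' value."""
    root = ET.fromstring(xml_text)
    problems = []
    mappings = root.find("action-mappings")
    if mappings is None or mappings.get("type") != SECURE_MAPPING:
        problems.append("action-mappings: type is not SecureActionConfig")
    ctrl = root.find("controller")
    if ctrl is None or ctrl.get("processorClass") not in SECURE_PROCESSORS:
        problems.append("controller: no Secure(Tiles)RequestProcessor, no automatic redirect")
    plugins = [p for p in root.findall("plug-in") if p.get("className") == SECURE_PLUGIN]
    if not plugins or props(plugins[0]).get("enable") != "true":
        problems.append("plug-in: SecurePlugIn missing or not enabled")
    # "unset" marks actions with no explicit secure property, so they can be reviewed
    schemes = {a.get("path"): props(a).get("secure", "unset") for a in root.iter("action")}
    return problems, schemes

# Constructed sample: the <controller> line from Steve's reply is deliberately left out
SAMPLE = """<struts-config>
  <action-mappings type="org.apache.struts.config.SecureActionConfig">
    <action path="/login" type="com.example.LoginAction">
      <set-property property="secure" value="true"/>
    </action>
    <action path="/home" type="com.example.HomeAction"/>
  </action-mappings>
  <plug-in className="org.apache.struts.action.SecurePlugIn">
    <set-property property="enable" value="true"/>
  </plug-in>
</struts-config>"""

if __name__ == "__main__":
    found, per_action = audit(SAMPLE)
    for line in found + [f"{path}: secure={val}" for path, val in per_action.items()]:
        print(line)
```

Actions reported as `unset` are the ones to review when deciding which pages must only be served over HTTPS.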


    • techpal

      techpal - 2006-02-24

      That's a handful of information, thank you all for the effort.

      I have a basic question: does this ssl ext 1.2 work well for struts 1.2.8? I see the latest version of ssl ext is 1.2, which is dated 2004 October.


    • LukeL

      LukeL - 2006-11-28

      Probably a bit late, but for future benefit:

      1 - HTTP Status 404 - Servlet action is not available

      Are you sure your container has HTTPS (SSL) enabled?  I had this problem with Tomcat until I figured out the HTTPS connector wasn't enabled.  Have a read of the docs for your container.

      2 - Does this SSL ext 1.2 work for struts 1.2.8?

      Yes.  I use Struts 1.2.8 and SSLEXT is working fine as far as I can see.

      Good work SSLEXT guys, this is an excellent extension and very easy to use.

