我在Struts2上有一个拦截器,我想让一些页面重定向到它们的ssl版本。
示例:http://localhost/xhtml/path.do?ossesionid=value1到https://localhost/xhtml/path.do?ossesionid=value1
为此,我创建了一个执行此操作的拦截器:
public String intercept(ActionInvocation invocation) throws Exception {
// initialize request and response
final ActionContext context = invocation.getInvocationContext();
final HttpServletRequest request = (HttpServletRequest) context
.get(StrutsStatics.HTTP_REQUEST);
final HttpServletResponse response = (HttpServletResponse) context
.get(StrutsStatics.HTTP_RESPONSE);
// check scheme
String scheme = request.getScheme().toLowerCase();
// check method
String method = request.getMethod().toUpperCase();
// If the action class uses the SSLProtected marker annotation, then see
// if we need to
// redirect to the SSL protected version of this page
if (invocation.getAction() instanceof SSLProtected) {
if (HTTP_GET.equals(method) && SCHEME_HTTP.equals(scheme)) {
// initialize https port
String httpsPortParam = request.getSession().getServletContext().getInitParameter(HTTP_PORT_PARAM);
int httpsPort = httpsPortParam == null ? HTTPS_PORT : Integer.parseInt(httpsPortParam);
response.setCharacterEncoding("UTF-8");
URI uri = new URI(SCHEME_HTTPS, null, request.getServerName(), httpsPort, response.encodeRedirectURL(request.getRequestURI()), request.getQueryString(), null);
log.debug("Going to SSL mode, redirecting to " + uri.toString());
response.sendRedirect(uri.toString());
return null;
}
}
我的问题是我希望这个
https://localhost/xhtml/path.do?ossesionid=value1
得到了
https://localhost/xhtml/path.do;jsessionid=value1?osessionid=value1
我完全迷失了!帮助任何人?
答案 0 :(得分:0)
我强烈建议您使用S2-SSL plugin,它更灵活,并提供更好的支持,以处理从SSL到非SSL的切换,反之亦然。
关于Jsessionid的生成,在创建会话时创建/发送JSESSIONID cookie。当您的代码首次调用request.getSession()或request.getSession(true)时,会创建会话。如果你只想得到session。你有办法禁用Jsessionid的创建
您可以通过多种方式禁用此ID的创建,请参阅此讨论主题。
我仍然不确定您使用此会话ID遇到的问题是什么,因为它是Web应用程序中非常常见的情况