How do I switch to SSL mode for logon, and then back again for the rest of the session?
This is still harder than it should be, but here's the drill:
The bad news is that you need to hardcode the schema to switch from standard to SSL mode and back again. The good news is that you can mitigate the damage and do most of it it all in the Struts-config.
<forward name="standard" redirect="true"
<forward name="secure" redirect="true"
which are called with code like this in the action
return mapping.findForward(secureMode ? "secure" : "standard");
where "secureMode" is tracked as a session attribute.
If they login or register in secure mode, you can end the process with a [[BIG LINK]] that routes them back to the http scheme.
Messy, but it gets you through the day.
I haven't had time to think about it, but it seems to me that we should be able to work this into the custom tags. Struts is very good about automagically converting the links when you switch schemes, so it seems to me we should be able to force the tags to one scheme or the other, when appropriate.
You could also calculate an absolute URL for this web app, based on things like request.getServerName(), request.getContextPath(), and so on. So, another way to do this would be to have an action that calculated the new absolute URL, wrapped it in a new ActionForward with the "redirect" property set, and return that to the controller servlet. It looks pretty much like what you quoted in the mail message.
NOTE: Because the controller servlet calls encodeRedirectURL() for you on redirections, sessions should survive across this transfer whether or not you are using cookies.
If you're running on ports other than the default (80 and 443), you will probably also want a configuration parameter to define what the corresponding SSL and non-SSL ports are.