The secure parameter forces the server to use HTTPS regardless of the last action's response. Add this parameter as the fourth parameter to force the action to use HTTPS:
<action path="/spe/user/Login" type="com.sun.idm.idmx.web.ProcessFormAction" parameter="IDMXNoop,#ID#UserForm:IDMXLoginForm,com.sun.idm.idmx.web.LoginForm,secure"> <forward name="success" path=".page.Login"/> <forward name="post" path="/spe/user/Login.do" /> <forward name="next" path="/spe/user/protected/Home.do?newView=true" /> <forward name="cancel" path="/spe/user/Login.do" /> </action>
If your servers do not use port 80 for HTTP or port 443 for HTTPS, modify WEB-INF/web.xml to include the following context parameters:
<context-param> <param-name>listenPort_http</param-name> <param-value>7001</param-value> </context-param> <context-param> <param-name>listenPort_https</param-name> <param-value>7002</param-value> </context-param>
The above code sample tells Struts to use port 7001 for HTTP and port 7002 for HTTPS.