SSL Modification
================
Changes:
- Added new Annotation class "net.sourceforge.stripes.action.Secure"
- Added new Method "encodeUrl(String url)" to StripesTagSupport
- Added new classes in util:
    - net.sourceforge.stripes.util.UrlParser
    - net.sourceforge.stripes.util.HttpUrlInfo
- Added new package util/ssl
- Modified the Configuration and DefaultConfiguration classes
- Modified the RedirectResolution class in order to correctly switch SSL during redirects as well
- Removed obsolete HttpServletResponse from the import statements in
    - LinkTagSupport
    - FormTag
- Refactored buildUrl method in LinkTagSupport and moved contextPath-handling to the new encodeUrl() method in StripesTagSupport
Usage:
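- Configure the SSL host/port and the non-SSL host/port within your web.xml:

    <init-param>
        <param-name>SSL.Enabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>SSL.SecureHost</param-name>
        <param-value>localhost:8443</param-value>
    </init-param>
    <init-param>
        <param-name>SSL.UnsecureHost</param-name>
        <param-value>localhost:8080</param-value>
    </init-param>
    <init-param>
        <param-name>SSL.SessionMode</param-name>
        <param-value>never | always | auto</param-value>
    </init-param>

  If the secure and unsecure hosts are the same and the default ports are used (80/443), neither SSL.SecureHost nor
  SSL.UnsecureHost needs to be specified.
  To disable SSL altogether, set the SSL.Enabled property to "false".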
  SessionMode specifies how session ids are handled:
    - never => when the URL is rewritten, any jsessionid present is stripped from the URL,
      even if the container relies on URL rewriting to keep track of sessions.
      This leads to two separate sessions: one for secure requests and one for insecure requests.
      never is the default SessionMode since it is the most secure one.
    - always => the session id is always added to the URL, even if the container uses cookies to
      keep track of sessions. This effectively leads to the same session being shared between secure and
      unsecure pages. While this is the most convenient mode, it is also insecure, since the sessions can
      be hijacked.
    - auto => if a session id is present in the original URL, it is kept.
- It is also possible to configure SSL settings via a custom class. To do this, one has to specify the custom
  configuration class:

    <init-param>
        <param-name>SslConfiguration.Class</param-name>
        <param-value>full.qualified.className.here</param-value>
    </init-param>
- Mark your ActionBeans that should be SSL protected with the new @Secure Annotation.
That's it. The Stripes link, url and form tags check whether the destination ActionBean is marked as Secure.
If the target ActionBean is marked as Secure and the current URL is not secure, the URL is rewritten automatically.
The same applies to links to non-secure ActionBeans referenced from secure pages.
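
The rewriting rule and the three SessionMode values described above, as an added sketch that is not code from this modification. The class, method and parameter names are hypothetical, and leaving a URL untouched when no protocol switch is needed is an assumption.

```java
import java.util.regex.Pattern;

// Added sketch, not Stripes code: class, method and parameter names are hypothetical.
public class SslUrlRewriteSketch {
    enum SessionMode { NEVER, ALWAYS, AUTO }

    // ";jsessionid=..." is a path parameter that ends at the next ';', '?' or '#'.
    private static final Pattern JSESSIONID =
            Pattern.compile(";jsessionid=[^;?#]*", Pattern.CASE_INSENSITIVE);

    static String rewrite(String url, boolean targetSecure, boolean currentSecure,
                          String secureHost, String unsecureHost,
                          SessionMode mode, String sessionId) {
        if (targetSecure == currentSecure) {
            return url; // assumption: no protocol switch, so the URL is left alone
        }
        String path = url;
        if (mode != SessionMode.AUTO) {
            // never and always both start from a URL without any session id
            path = JSESSIONID.matcher(path).replaceAll("");
        }
        if (mode == SessionMode.ALWAYS && sessionId != null) {
            // the id belongs to the path, so it goes before any query or fragment
            int cut = path.length();
            for (char c : new char[] {'?', '#'}) {
                int i = path.indexOf(c);
                if (i >= 0 && i < cut) cut = i;
            }
            path = path.substring(0, cut) + ";jsessionid=" + sessionId + path.substring(cut);
        }
        return (targetSecure ? "https://" + secureHost : "http://" + unsecureHost) + path;
    }

    public static void main(String[] args) {
        String url = "/shop/Checkout.action;jsessionid=ABC123?item=7"; // constructed sample
        for (SessionMode mode : SessionMode.values()) {
            System.out.println(mode + " -> " + rewrite(url, true, false,
                    "localhost:8443", "localhost:8080", mode, "ABC123"));
        }
        // A link from a secure page back to a non-secure ActionBean switches the other way.
        System.out.println(rewrite("/shop/Home.action", false, true,
                "localhost:8443", "localhost:8080", SessionMode.NEVER, null));
    }
}
```
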
! All modifications are marked with comments "BEGIN SSL MOD"/"END SSL MOD" !
Optionally exclude special parameters on link/url tag:
======================================================
Changes:
- Added new attribute "excludeSpecialParams" to LinkTagSupport
- Added the new attribute to stripes.tld as well, for the link and url tags
- Modified the buildUrl() method in LinkTagSupport to check the new attribute
Usage:
In order to prevent stripes from adding the source page parameter, add to your tag
! All modifications are marked with comments "BEGIN SOURCE PAGE MOD"/"END SOURCE PAGE MOD" !