I'm using a product in Java, wherein I recently changed the configuration to https. It's working fine now. But the http:// page is blank. I need to force redirect http:// to https:// while loading. I've used <security-constraint> plug-in in web.xml. But it's not redirecting. Is there any plug-in that can be added in web.xml that will force redirect the URL from http:// to https://? Since it's a product I can't touch the init() method of controller servlet to check the request and redirect.
If you have a webserver, it is common to configure the webserver to do the redirect. If you have to do it on an app server, I'm not sure if you can do it without changing the servlet. You could always write a wrapper servlet that takes care of the redirection if http is called and delegates to the original servlet if https is called.
I think we can write a Filter for url-pattern '/*' which could just check if the request isSecure() or not; then forward the request accordingly. I mean, if request is not secure, get the real-path/url of the request and edit it and do sendRedirect(secureUrl).
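The filter approach suggested above, as an added example that is not part of the original thread. It assumes the javax.servlet API; the class name HttpsRedirectFilter and the init-params httpsHost and httpsPort are hypothetical.

```java
// Added example, not code from the thread. Class and init-param names are hypothetical.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HttpsRedirectFilter implements Filter {
    private String httpsHost; // canonical host name, taken from configuration
    private int httpsPort;    // defaults to 443

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        httpsHost = cfg.getInitParameter("httpsHost");
        if (httpsHost == null || httpsHost.isEmpty()) {
            throw new ServletException("httpsHost init-param is required");
        }
        String port = cfg.getInitParameter("httpsPort");
        httpsPort = (port == null) ? 443 : Integer.parseInt(port);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.isSecure()) {
            chain.doFilter(req, res); // already on HTTPS: pass through unchanged
            return;
        }
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // Design choice: a redirect would drop the request body, so reject instead.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        response.sendRedirect(secureUrl(request.getRequestURI(), request.getQueryString()));
    }

    // The host comes from configuration, never from the request's Host header,
    // so a forged header cannot steer the redirect to another site.
    String secureUrl(String uri, String query) {
        StringBuilder url = new StringBuilder("https://").append(httpsHost);
        if (httpsPort != 443) url.append(':').append(httpsPort);
        url.append(uri);
        if (query != null) url.append('?').append(query);
        return url.toString();
    }

    @Override
    public void destroy() { }
}
```

Register it in web.xml with a <filter-mapping> for /*. If TLS terminates at a web server in front of the container, isSecure() is false for every request unless the container is told the original scheme, and the filter would then redirect in a loop.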
Thank you for the good suggestion.
I'm using a webserver. The https configuration is working fine. Since I'm using a product I can't write a filter and deploy it again.
I found the below plug-in that can be inserted in web.xml to resolve the issue. But still it's not working.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>app or resourcename</web-resource-name>
        <url-pattern>/*</url-pattern> <!-- define all url patterns that need to be protected -->
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

<!-- Map the Tracer servlet to / so it is the root location. Everything that does not match a specific -->
<!-- mapped servlet or context will be directed back to the login page via this mapping -->
<servlet-mapping>
    <servlet-name>Tracer</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
I've given the application name in <web-resource-name> and <url-pattern>/*</url-pattern>. Also tried with <url-pattern>*.do</url-pattern>.
Both are not working.
Also I'm plugging the <security-constraint> tag just before the </web-app> tag.
Are there any other configurations that need to be done?