aspose file tools*
The moose likes Servlets and the fly likes Force URL redirect from http to https? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Force URL redirect from http to https? " Watch "Force URL redirect from http to https? " New topic
Author

Force URL redirect from http to https?

Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
I'm using a product in java, where in recently changed the configuration to https. It's working fine now.But the http:// page is blank.I need to force redirect http:// to https:// while loading. I've used <security-constraint> plug-in in web.xml. But it's not redirecting. Is there any plug-in that can be added in web.xml that will force redirect the URL from http:// to https://. Since it's a product i can't touch the init() method of controller servlet to check the request and redirect.

Ex: if i type http://localhost while loading it should go to https://localhost

Thanks,
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30506
    
150

Joshua,
Welcome to JavaRanch!

If you have a webserver, it is common to configure the webserver to do the redirect. If you have to do it on an app server, I'm not sure if you can do it without changing the servlet. You could always write a wrapper servlet that takes care of the redirection if http is called and delgates to the original servlet if https is called.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Sastry Kuppa
Greenhorn

Joined: Oct 02, 2008
Posts: 4
I think we can write a Filter for url-pattern '/*' which could just check if the request isSecure() or not; then forward the request accordingly.
I mean, if request is not secure, get the real-path/url of the request and edit it and do sendRedirect(secureUrl).
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
Thank you for good suggestion.

I'm using webserver. https configuration is working fine. Since I'm using a product i can't write a filter and deploy it again.

While the page loads To auto change the URL from http://localhost to https://localhost

I found the below plug-in that can be inserted in web.xml to resolve the issue. But still it's not working.

<security-constraint>
<web-resource-collection>
<web-resource-name>app or resourcename</web-resource-name>
<url-pattern>/*</url-pattern> <!-- define all url patterns that need to be protected-->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Can you just help me in resolving this issue..

Thanks,
Ankit Nagpal
Ranch Hand

Joined: Sep 09, 2008
Posts: 47

What is the error that you are getting?
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
I'm getting a plain page with URL http://localhost. So manually i'm changing the URL to https://localhost to work.
Ankit Nagpal
Ranch Hand

Joined: Sep 09, 2008
Posts: 47

Tried your code on my development environment and its working fine. http request automatically is changed to https.

Please paste your partial web.xml code and the request URL in your next reply so that I can have a look.

In the meantime, have a look at this link, it might just help solve your issue. (only if the server is Tomcat)
[ October 11, 2008: Message edited by: Ankit Nagpal ]
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
The web.xml details that will be helpful.

<servlet>
<servlet-name>Tracer</servlet-name>
<servlet-class>com.logic.cs.servlet.Tracer</servlet-class>
<init-param>
<param-name>rootdir</param-name>
<param-value>path of webapps</param-value>
</init-param>
<init-param>
<param-name>ccm_home</param-name>
<param-value>application path</param-value>
</init-param>
<init-param>
<param-name>protocol</param-name>
<param-value>https</param-value>
</init-param>
<init-param>
<param-name>port</param-name>
<param-value>8607</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>XFireServlet</servlet-name>
<url-pattern>/webservices/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Map the Tracer servlet to / so it is the root location. Everything that does not match a specific -->
<!-- mapped servlet or context will be directed back to the login page via this mapping -->
<servlet-mapping>
<servlet-name>Tracer</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>


I've given the application name in <web-resource-name> and
<url-pattern>/*</url-pattern>
Also tried with <url-pattern>*.do</url-pattern>

Both are not working.

Also I'm plugging the <security-constraint> tag just before the </web-app> tag.

Is there any other configurations needs to be done?
luix luix
Greenhorn

Joined: Oct 23, 2008
Posts: 1
you also need sslext.jar and this code in your web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61191
    
  66

"luix luix",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
Hi,

I've plugged in the security-constraint tag in web.xml and placed sslext.jar (downloaded from http://sourceforge.net/project/showfiles.php?group_id=59967) in lib. It seems that the sslext.jar that i got is application specific. But still it's not redirecting automatically. Is it server specific?
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
Also le me know how the redirection happens from http to https after including <security-constraint> tag and a sslext.jar?
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
Also let me know how the redirection happens from http to https after including <security-constraint> tag and sslext.jar?
Joshua Emerson
Greenhorn

Joined: Apr 21, 2008
Posts: 19
Is there any other (as the previous solution does not work) option to auto re direct of http to https while loading?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Force URL redirect from http to https?