Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Force URL redirect from http to https?

 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm using a product in java, where in recently changed the configuration to https. It's working fine now.But the http:// page is blank.I need to force redirect http:// to https:// while loading. I've used <security-constraint> plug-in in web.xml. But it's not redirecting. Is there any plug-in that can be added in web.xml that will force redirect the URL from http:// to https://. Since it's a product i can't touch the init() method of controller servlet to check the request and redirect.

Ex: if i type http://localhost while loading it should go to https://localhost

Thanks,
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34410
346
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joshua,
Welcome to JavaRanch!

If you have a webserver, it is common to configure the webserver to do the redirect. If you have to do it on an app server, I'm not sure if you can do it without changing the servlet. You could always write a wrapper servlet that takes care of the redirection if http is called and delgates to the original servlet if https is called.
 
Sastry Kuppa
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think we can write a Filter for url-pattern '/*' which could just check if the request isSecure() or not; then forward the request accordingly.
I mean, if request is not secure, get the real-path/url of the request and edit it and do sendRedirect(secureUrl).
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for good suggestion.

I'm using webserver. https configuration is working fine. Since I'm using a product i can't write a filter and deploy it again.

While the page loads To auto change the URL from http://localhost to https://localhost

I found the below plug-in that can be inserted in web.xml to resolve the issue. But still it's not working.

<security-constraint>
<web-resource-collection>
<web-resource-name>app or resourcename</web-resource-name>
<url-pattern>/*</url-pattern> <!-- define all url patterns that need to be protected-->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Can you just help me in resolving this issue..

Thanks,
 
Ankit Nagpal
Ranch Hand
Posts: 47
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the error that you are getting?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm getting a plain page with URL http://localhost. So manually i'm changing the URL to https://localhost to work.
 
Ankit Nagpal
Ranch Hand
Posts: 47
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tried your code on my development environment and its working fine. http request automatically is changed to https.

Please paste your partial web.xml code and the request URL in your next reply so that I can have a look.

In the meantime, have a look at this link, it might just help solve your issue. (only if the server is Tomcat)
[ October 11, 2008: Message edited by: Ankit Nagpal ]
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The web.xml details that will be helpful.

<servlet>
<servlet-name>Tracer</servlet-name>
<servlet-class>com.logic.cs.servlet.Tracer</servlet-class>
<init-param>
<param-name>rootdir</param-name>
<param-value>path of webapps</param-value>
</init-param>
<init-param>
<param-name>ccm_home</param-name>
<param-value>application path</param-value>
</init-param>
<init-param>
<param-name>protocol</param-name>
<param-value>https</param-value>
</init-param>
<init-param>
<param-name>port</param-name>
<param-value>8607</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>XFireServlet</servlet-name>
<url-pattern>/webservices/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Map the Tracer servlet to / so it is the root location. Everything that does not match a specific -->
<!-- mapped servlet or context will be directed back to the login page via this mapping -->
<servlet-mapping>
<servlet-name>Tracer</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>


I've given the application name in <web-resource-name> and
<url-pattern>/*</url-pattern>
Also tried with <url-pattern>*.do</url-pattern>

Both are not working.

Also I'm plugging the <security-constraint> tag just before the </web-app> tag.

Is there any other configurations needs to be done?
 
luix luix
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you also need sslext.jar and this code in your web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64838
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"luix luix",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I've plugged in the security-constraint tag in web.xml and placed sslext.jar (downloaded from http://sourceforge.net/project/showfiles.php?group_id=59967) in lib. It seems that the sslext.jar that i got is application specific. But still it's not redirecting automatically. Is it server specific?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also le me know how the redirection happens from http to https after including <security-constraint> tag and a sslext.jar?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also let me know how the redirection happens from http to https after including <security-constraint> tag and sslext.jar?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any other (as the previous solution does not work) option to auto re direct of http to https while loading?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic