File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Redirecting the application from HTTP to HTTPS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Redirecting the application from HTTP to HTTPS" Watch "Redirecting the application from HTTP to HTTPS" New topic
Author

Redirecting the application from HTTP to HTTPS

Harika emm
Greenhorn

Joined: May 28, 2008
Posts: 8
Hi
I am using struts in my application...and I want to run secured pages to under https and other page like login page under http..
for that i included a redirect to HTTPServlet

it works well in tomcat 5.0 but not in 5.5 ... Here the problem is when i try to convert from the HTTP to HTTPS in tomcat 5.5 instead of showing the struts action path in the URL as (http://localhost:8080/gensource.do ) it is passing the parameter in the URL as (http://localhost:8080/web/jsp/common/gensource_home.jsp) i.e., the location of the jsp file and not logging into the application

But if i try to run complete application in the HTTPS then it works well even in tomcat 5.5 ...
problem occurs only when i try to redirect from HTTP to HTTPS ... can any one help me it this regard

Thankyou


[Thumbnail for tomcat5.5_error.jpg]

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

What this statement print ?


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Harika emm
Greenhorn

Joined: May 28, 2008
Posts: 8
The log statement prints following when i use tomcat5.5
https://localhost:8443/ProjectName/web/jsp/common/gensource_home.jsp

but if i use tomcat5.0, the same statement prints as
https://localhost:8443/ProjectName/gensource.do

i have the following statement in struts-config.xml file

<action path="/gensource" parameter="/web/jsp/common/gensource_home.jsp" type="org.apache.struts.actions.ForwardAction"/>
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Intrestingly, this happens beacuse servlet spec changeed from Tomcat 5 to TOmcat 5.5, so you need to use other methods like javax.servlet.http.HttpServletRequest#getRequestURI() OR javax.servlet.http.HttpServletRequest#getServletPath() OR ActionMapping#getPath().

Also, this issue is reported as a bug

Harika emm
Greenhorn

Joined: May 28, 2008
Posts: 8
Thanks for your reply...
I tried to use request.getURI() and request.getServlet() methods...but those methods also giving whole path...

Harika emm
Greenhorn

Joined: May 28, 2008
Posts: 8
Thanks for your reply...
I tried to use request.getRequestURI() and request.getServletPath() methods...but those methods also giving whole path...
Can you tell me how to ActionMapping's getPath() method to get action path...actually i wrote this method in normal java file..and calling this method in all jsp pages..

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Harika emm wrote:
Can you tell me how to ActionMapping's getPath() method to get action path...

So your not using any Struts Action Class

Harika emm wrote:...actually i wrote this method in normal java file..and calling this method in all jsp pages..

How ? Can you post the example of how you're doing this ?

Also one wise suggestion, asked the same questions with more details in JSP OR Servlets forum, but not in both. Carefully Choose One Forum.
Harika emm
Greenhorn

Joined: May 28, 2008
Posts: 8
At the top of jsp page , i added the following line

JSPHttpRedirect.redirectToHTTPS(request,response);

JSPHttpRedirect.java file contains

import org.apache.log4j.*;

import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** This object is used by JSP pages in order to redirect the user from
the
* https login screen to the url they requested. The only catch is that
the
* URL the user requested required http. Therefore this object will
* change the protocol of the URL back to http instead of https.
*
* @author psantos
*/
public class JSPHttpRedirect
{
public final static boolean DEBUG = false;
static Logger log = GetDataBaseConnection.log;
/** Creates a new instance of JSPHttpRedirect */
public JSPHttpRedirect()
{
}

/** This will redirect the user from the http login page to
* the https page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTPS(HttpServletRequest request,
HttpServletResponse response)
{
System.out.println("issecure==>"+request.isSecure());
if(!request.isSecure())
{

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("http"))
{
reqURL = reqURL.substring(4);
reqURL = "https"+reqURL;

reqURL = reqURL.replace("8080", "8443");

System.out.println("reqURL-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);

}

}
}

}
/** This will redirect the user from the https secured pages to
* the http page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTP(HttpServletRequest request,
HttpServletResponse response)
{
log.info("issecurehttp==>"+request.isSecure());

// we came from a secure login but we intended to use http.
// therefore we need to convert the URL to use http protocol

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("https"))
{
reqURL = reqURL.substring(5);
reqURL = "http"+reqURL;

reqURL = reqURL.replace("8443", "8080");

log.info("reqURLHttp-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

// depending on the browser do the appropriate thing to
// avoid a popup being shown to the user that they were
// redirected from an https to an http URL.

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
// }
//}
}
}

/** This method determines the type of browser the request is from.
* If the browser is a netscape or mozilla browser return true.
* If it's internet explorer return false.
* @param request The object that represents the client request.
*/
public static boolean isMozillaBrowser(HttpServletRequest request)
{

// this snipet of code was found over the web on 11/09/2005
// http://hotwired.lycos.com/
// webmonkey/01/22/index3a_page4.html?tw=programming

String agent = request.getHeader("USER-AGENT");
if (null != agent && -1 != agent.indexOf("MSIE"))
{
return false;
}
return true;
}
}
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Please, UseCodeTags

Also, one thing I noticed that, you can implemented this logic in JavaScript by using window.location = newURL. Why do you want to use Java Code in JSP, a scriptlets, its a bad programming practice, can't you just use JavaScript.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Redirecting the application from HTTP to HTTPS