Redirecting the application from HTTP to HTTPS

Hi
I am using struts in my application...and I want to run secured pages to under https and other page like login page under http..
for that i included a redirect to HTTPServlet

public static void redirectToHTTPS(HttpServletRequest request,
                                      HttpServletResponse response)
    {
    	log.info("issecure==>"+request.isSecure());
        if(!request.isSecure())
        {
          String reqURL = request.getRequestURL().toString();
                
                if(reqURL.startsWith("http"))
                {
                    reqURL = reqURL.substring(4);
                    reqURL = "https"+reqURL;
                    log.info("before replace "+reqURL);
                         reqURL = reqURL.replace("8080", "8443");	
                    log.info("reqURL-===>"+reqURL);
                    boolean isMozillaBrowser =isMozillaBrowser(request);
                    
                   
                    if(isMozillaBrowser) // mozilla perform a redirect.
                    {
                        try
                        {
                          
                            response.sendRedirect(response.encodeRedirectURL(reqURL));
                        }
                        catch(Exception e)
                        {
                            e.printStackTrace();
                        }
                    }
                    else // internet explorer set the location header field
                    {
                        reqURL = response.encodeURL(reqURL);
                        response.setHeader("Location",reqURL);
                    }
             
            }
        }
        
    }

it works well in tomcat 5.0 but not in 5.5 ... Here the problem is when i try to convert from the HTTP to HTTPS in tomcat 5.5 instead of showing the struts action path in the URL as (http://localhost:8080/gensource.do ) it is passing the parameter in the URL as (http://localhost:8080/web/jsp/common/gensource_home.jsp) i.e., the location of the jsp file and not logging into the application

But if i try to run complete application in the HTTPS then it works well even in tomcat 5.5 ...
problem occurs only when i try to redirect from HTTP to HTTPS ... can any one help me it this regard

Thankyou

What this statement print ?

The log statement prints following when i use tomcat5.5
https://localhost:8443/ProjectName/web/jsp/common/gensource_home.jsp

but if i use tomcat5.0, the same statement prints as
https://localhost:8443/ProjectName/gensource.do

i have the following statement in struts-config.xml file

<action path="/gensource" parameter="/web/jsp/common/gensource_home.jsp" type="org.apache.struts.actions.ForwardAction"/>

Intrestingly, this happens beacuse servlet spec changeed from Tomcat 5 to TOmcat 5.5, so you need to use other methods like javax.servlet.http.HttpServletRequest#getRequestURI() OR javax.servlet.http.HttpServletRequest#getServletPath() OR ActionMapping#getPath().

Also, this issue is reported as a bug

Thanks for your reply...
I tried to use request.getURI() and request.getServlet() methods...but those methods also giving whole path...

Thanks for your reply...
I tried to use request.getRequestURI() and request.getServletPath() methods...but those methods also giving whole path...
Can you tell me how to ActionMapping's getPath() method to get action path...actually i wrote this method in normal java file..and calling this method in all jsp pages..

Harika emm wrote:
Can you tell me how to ActionMapping's getPath() method to get action path...

So your not using any Struts Action Class

Harika emm wrote:...actually i wrote this method in normal java file..and calling this method in all jsp pages..

How ? Can you post the example of how you're doing this ?

Also one wise suggestion, asked the same questions with more details in JSP OR Servlets forum, but not in both. Carefully Choose One Forum.

At the top of jsp page , i added the following line

JSPHttpRedirect.redirectToHTTPS(request,response);

JSPHttpRedirect.java file contains

import org.apache.log4j.*;

import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** This object is used by JSP pages in order to redirect the user from
the
* https login screen to the url they requested. The only catch is that
the
* URL the user requested required http. Therefore this object will
* change the protocol of the URL back to http instead of https.
*
* @author psantos
*/
public class JSPHttpRedirect
{
public final static boolean DEBUG = false;
static Logger log = GetDataBaseConnection.log;
/** Creates a new instance of JSPHttpRedirect */
public JSPHttpRedirect()
{
}

/** This will redirect the user from the http login page to
* the https page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTPS(HttpServletRequest request,
HttpServletResponse response)
{
System.out.println("issecure==>"+request.isSecure());
if(!request.isSecure())
{

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("http"))
{
reqURL = reqURL.substring(4);
reqURL = "https"+reqURL;

reqURL = reqURL.replace("8080", "8443");

System.out.println("reqURL-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);

}

}
}

}
/** This will redirect the user from the https secured pages to
* the http page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTP(HttpServletRequest request,
HttpServletResponse response)
{
log.info("issecurehttp==>"+request.isSecure());

// we came from a secure login but we intended to use http.
// therefore we need to convert the URL to use http protocol

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("https"))
{
reqURL = reqURL.substring(5);
reqURL = "http"+reqURL;

reqURL = reqURL.replace("8443", "8080");

log.info("reqURLHttp-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

// depending on the browser do the appropriate thing to
// avoid a popup being shown to the user that they were
// redirected from an https to an http URL.

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
// }
//}
}
}

/** This method determines the type of browser the request is from.
* If the browser is a netscape or mozilla browser return true.
* If it's internet explorer return false.
* @param request The object that represents the client request.
*/
public static boolean isMozillaBrowser(HttpServletRequest request)
{

// this snipet of code was found over the web on 11/09/2005
// http://hotwired.lycos.com/
// webmonkey/01/22/index3a_page4.html?tw=programming

String agent = request.getHeader("USER-AGENT");
if (null != agent && -1 != agent.indexOf("MSIE"))
{
return false;
}
return true;
}
}

Please, UseCodeTags

Also, one thing I noticed that, you can implemented this logic in JavaScript by using window.location = newURL. Why do you want to use Java Code in JSP, a scriptlets, its a bad programming practice, can't you just use JavaScript.