• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Force URL redirect from http to https?

 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm using a product in java, where in recently changed the configuration to https. It's working fine now.But the http:// page is blank.I need to force redirect http:// to https:// while loading. I've used <security-constraint> plug-in in web.xml. But it's not redirecting. Is there any plug-in that can be added in web.xml that will force redirect the URL from http:// to https://. Since it's a product i can't touch the init() method of controller servlet to check the request and redirect.

Ex: if i type http://localhost while loading it should go to https://localhost

Thanks,
 
author & internet detective
Posts: 41933
910
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Joshua,
Welcome to JavaRanch!

If you have a webserver, it is common to configure the webserver to do the redirect. If you have to do it on an app server, I'm not sure if you can do it without changing the servlet. You could always write a wrapper servlet that takes care of the redirection if http is called and delgates to the original servlet if https is called.
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think we can write a Filter for url-pattern '/*' which could just check if the request isSecure() or not; then forward the request accordingly.
I mean, if request is not secure, get the real-path/url of the request and edit it and do sendRedirect(secureUrl).
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for good suggestion.

I'm using webserver. https configuration is working fine. Since I'm using a product i can't write a filter and deploy it again.

While the page loads To auto change the URL from http://localhost to https://localhost

I found the below plug-in that can be inserted in web.xml to resolve the issue. But still it's not working.

<security-constraint>
<web-resource-collection>
<web-resource-name>app or resourcename</web-resource-name>
<url-pattern>/*</url-pattern> <!-- define all url patterns that need to be protected-->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Can you just help me in resolving this issue..

Thanks,
 
Ranch Hand
Posts: 47
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the error that you are getting?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm getting a plain page with URL http://localhost. So manually i'm changing the URL to https://localhost to work.
 
Ankit Nagpal
Ranch Hand
Posts: 47
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tried your code on my development environment and its working fine. http request automatically is changed to https.

Please paste your partial web.xml code and the request URL in your next reply so that I can have a look.

In the meantime, have a look at this link, it might just help solve your issue. (only if the server is Tomcat)
[ October 11, 2008: Message edited by: Ankit Nagpal ]
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The web.xml details that will be helpful.

<servlet>
<servlet-name>Tracer</servlet-name>
<servlet-class>com.logic.cs.servlet.Tracer</servlet-class>
<init-param>
<param-name>rootdir</param-name>
<param-value>path of webapps</param-value>
</init-param>
<init-param>
<param-name>ccm_home</param-name>
<param-value>application path</param-value>
</init-param>
<init-param>
<param-name>protocol</param-name>
<param-value>https</param-value>
</init-param>
<init-param>
<param-name>port</param-name>
<param-value>8607</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>XFireServlet</servlet-name>
<url-pattern>/webservices/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Map the Tracer servlet to / so it is the root location. Everything that does not match a specific -->
<!-- mapped servlet or context will be directed back to the login page via this mapping -->
<servlet-mapping>
<servlet-name>Tracer</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>


I've given the application name in <web-resource-name> and
<url-pattern>/*</url-pattern>
Also tried with <url-pattern>*.do</url-pattern>

Both are not working.

Also I'm plugging the <security-constraint> tag just before the </web-app> tag.

Is there any other configurations needs to be done?
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you also need sslext.jar and this code in your web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
 
Sheriff
Posts: 67750
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"luix luix",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I've plugged in the security-constraint tag in web.xml and placed sslext.jar (downloaded from http://sourceforge.net/project/showfiles.php?group_id=59967) in lib. It seems that the sslext.jar that i got is application specific. But still it's not redirecting automatically. Is it server specific?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also le me know how the redirection happens from http to https after including <security-constraint> tag and a sslext.jar?
 
Joshua Emerson
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there any other (as the previous solution does not work) option to auto re direct of http to https while loading?
 
reply
    Bookmark Topic Watch Topic
  • New Topic