• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Redirecting the application from HTTP to HTTPS

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
I am using struts in my application...and I want to run secured pages to under https and other page like login page under http..
for that i included a redirect to HTTPServlet

it works well in tomcat 5.0 but not in 5.5 ... Here the problem is when i try to convert from the HTTP to HTTPS in tomcat 5.5 instead of showing the struts action path in the URL as (http://localhost:8080/gensource.do ) it is passing the parameter in the URL as (http://localhost:8080/web/jsp/common/gensource_home.jsp) i.e., the location of the jsp file and not logging into the application

But if i try to run complete application in the HTTPS then it works well even in tomcat 5.5 ...
problem occurs only when i try to redirect from HTTP to HTTPS ... can any one help me it this regard

Thankyou
tomcat5.5_error.jpg
[Thumbnail for tomcat5.5_error.jpg]
 
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What this statement print ?
 
Harika emm
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The log statement prints following when i use tomcat5.5
https://localhost:8443/ProjectName/web/jsp/common/gensource_home.jsp

but if i use tomcat5.0, the same statement prints as
https://localhost:8443/ProjectName/gensource.do

i have the following statement in struts-config.xml file

<action path="/gensource" parameter="/web/jsp/common/gensource_home.jsp" type="org.apache.struts.actions.ForwardAction"/>
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Intrestingly, this happens beacuse servlet spec changeed from Tomcat 5 to TOmcat 5.5, so you need to use other methods like javax.servlet.http.HttpServletRequest#getRequestURI() OR javax.servlet.http.HttpServletRequest#getServletPath() OR ActionMapping#getPath().

Also, this issue is reported as a bug

 
Harika emm
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your reply...
I tried to use request.getURI() and request.getServlet() methods...but those methods also giving whole path...

 
Harika emm
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your reply...
I tried to use request.getRequestURI() and request.getServletPath() methods...but those methods also giving whole path...
Can you tell me how to ActionMapping's getPath() method to get action path...actually i wrote this method in normal java file..and calling this method in all jsp pages..

 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Harika emm wrote:
Can you tell me how to ActionMapping's getPath() method to get action path...


So your not using any Struts Action Class

Harika emm wrote:...actually i wrote this method in normal java file..and calling this method in all jsp pages..


How ? Can you post the example of how you're doing this ?

Also one wise suggestion, asked the same questions with more details in JSP OR Servlets forum, but not in both. Carefully Choose One Forum.
 
Harika emm
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
At the top of jsp page , i added the following line

JSPHttpRedirect.redirectToHTTPS(request,response);

JSPHttpRedirect.java file contains

import org.apache.log4j.*;

import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** This object is used by JSP pages in order to redirect the user from
the
* https login screen to the url they requested. The only catch is that
the
* URL the user requested required http. Therefore this object will
* change the protocol of the URL back to http instead of https.
*
* @author psantos
*/
public class JSPHttpRedirect
{
public final static boolean DEBUG = false;
static Logger log = GetDataBaseConnection.log;
/** Creates a new instance of JSPHttpRedirect */
public JSPHttpRedirect()
{
}

/** This will redirect the user from the http login page to
* the https page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTPS(HttpServletRequest request,
HttpServletResponse response)
{
System.out.println("issecure==>"+request.isSecure());
if(!request.isSecure())
{

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("http"))
{
reqURL = reqURL.substring(4);
reqURL = "https"+reqURL;

reqURL = reqURL.replace("8080", "8443");

System.out.println("reqURL-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{
response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);

}

}
}

}
/** This will redirect the user from the https secured pages to
* the http page they are supposed to go to. If the request url
* uses https then nothing is done.
* @param request The object that represents the client request.
* @param response The object that representes the client response.
*/
public static void redirectToHTTP(HttpServletRequest request,
HttpServletResponse response)
{
log.info("issecurehttp==>"+request.isSecure());

// we came from a secure login but we intended to use http.
// therefore we need to convert the URL to use http protocol

String reqURL = request.getRequestURL().toString();

if(reqURL.startsWith("https"))
{
reqURL = reqURL.substring(5);
reqURL = "http"+reqURL;

reqURL = reqURL.replace("8443", "8080");

log.info("reqURLHttp-===>"+reqURL);
boolean isMozillaBrowser =isMozillaBrowser(request);

// depending on the browser do the appropriate thing to
// avoid a popup being shown to the user that they were
// redirected from an https to an http URL.

if(isMozillaBrowser) // mozilla perform a redirect.
{
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
else // internet explorer set the location header field
{
reqURL = response.encodeURL(reqURL);
response.setHeader("Location",reqURL);
try
{

response.sendRedirect(response.encodeRedirectURL(reqURL));
}
catch(Exception e)
{
e.printStackTrace();
}
}
// }
//}
}
}

/** This method determines the type of browser the request is from.
* If the browser is a netscape or mozilla browser return true.
* If it's internet explorer return false.
* @param request The object that represents the client request.
*/
public static boolean isMozillaBrowser(HttpServletRequest request)
{

// this snipet of code was found over the web on 11/09/2005
// http://hotwired.lycos.com/
// webmonkey/01/22/index3a_page4.html?tw=programming

String agent = request.getHeader("USER-AGENT");
if (null != agent && -1 != agent.indexOf("MSIE"))
{
return false;
}
return true;
}
}
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please, UseCodeTags

Also, one thing I noticed that, you can implemented this logic in JavaScript by using window.location = newURL. Why do you want to use Java Code in JSP, a scriptlets, its a bad programming practice, can't you just use JavaScript.
 
reply
    Bookmark Topic Watch Topic
  • New Topic