How can I know if the request to the servlet was executed using HTTP or HTTPS?
https://stackoverflow.com/questions/8200853
-
04-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianВопрос
I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.
I thought I can use request.getProtocol() but it returns HTTP/1.1 on both methods.
Any ideas?
Решение
HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:
- If the ServletContainer can itself accept requests on https.
- If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.
The Container should also make this request attributes available when the request is received on https:
- javax.servlet.http.sslsessionid
- javax.servlet.request.key_size
- javax.servlet.request.X509Certificate
Другие советы
You can't reliably depend on port numbers.
But you can depend on the scheme:
Use: request.getScheme() to see if it is https.
If it is then it is secure connection.
I believe this should work regardless of Tomcat version
isSecure. Be sure to check the inherited methods.
https and http runs on different ports. So you can get the port from the request and know from which port the request came and so that you can know the protocol. int port=request.getServerPort();
