Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I know if the request to the servlet was executed using HTTP or HTTPS?

Tags:

java

https

ssl

servlets

http-protocols

I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.

I thought I can use request.getProtocol() but it returns HTTP/1.1 on both methods.

Any ideas?

like image 343
ufk Avatar asked Nov 20 '11 10:11

ufk

People also ask

How HTTP POST request is processed using servlet?

The doPost() method in servlets is used to process the HTTP POST requests. It is used to submit the data from the browser to the server for processing. The data submitted with POST method type is sent in the message body so it is secure and cannot be seen in the URL.

What is HTTP servlet request and HTTP servlet response?

request – an HttpServletRequest object that contains the request the client has made of the servlet. response – an HttpServletResponse object that contains the response the servlet sends to the client.

Where are servlets executed?

Servlets execute within the address space of a Web server. It is not necessary to create a separate process to handle each client request. Servlets are platform-independent because they are written in Java.

Which method of HTTP servlet is used for getting the information from server?

The doGet() method is used for getting the information from server while the doPost() method is used for sending information to the server.

2 Answers

HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:

  • If the ServletContainer can itself accept requests on https.
  • If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.

The Container should also make this request attributes available when the request is received on https:

  • javax.servlet.http.sslsessionid
  • javax.servlet.request.key_size
  • javax.servlet.request.X509Certificate
like image 52
Ramesh PVK Avatar answered Sep 26 '22 08:09

Ramesh PVK

You can't reliably depend on port numbers.
But you can depend on the scheme:

Use: request.getScheme() to see if it is https.

If it is then it is secure connection.

I believe this should work regardless of Tomcat version

like image 45
Cratylus Avatar answered Sep 24 '22 08:09

Cratylus
Sign in to Comment

Related questions

How to remove a task from ScheduledExecutorService?
How to declare a constant in Java?
Difference between Intent.ACTION_GET_CONTENT and Intent.ACTION_PICK
Lambda this reference in java
How is values() implemented for Java 6 enums?
How to convert Joda-Time DateTime to java.util.Date and vice versa?
In Java, can & be faster than &&?
Strange array return type
What's the point of Guava checkNotNull
Replacing if else statement with pattern
Where is the application.properties file in a Spring Boot project?
Java 8: How to create a ZonedDateTime from an Epoch value?
long timestamp to LocalDateTime
Gson and deserializing an array of objects with arrays in it
Difference between RxJava API and the Java 9 Flow API
Should you check if the map containsKey before using ConcurrentMap's putIfAbsent
Why is using BufferedInputStream to read a file byte by byte faster than using FileInputStream?
Hibernate: How to fix "identifier of an instance altered from X to Y"?
Matchers.any() for null value in Mockito
How to execute some function in eclipse while debugging a java program?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!