I used play framework version 2.2.3 and I run activator using following command for accessing site using https.
./activator run -Dhttp.port=disabled -Dhttps.port=9043
and I typed URL in browser as below
https://localhost:9043/signin
Then it work fine and it redirects to https. But problem is that when I changed my URL as below
http://localhost:9043/signin
then I want to redirect above URL to https, how should this handled in play framework?
as of play 2.6.x it's now supported by a configuration
play.filters.enabled += play.filters.https.RedirectHttpsFilter
There are two question in there
For Play 2.2 myself, I use a reverse proxy to handle SSL which will automatically add a request header "X-Forwarded-Proto". I then check that header to verify that the connect is coming in via SSL.
String protocolHeaders = context.request().getHeader("X-Forwarded-Proto");
if(protocolHeaders != null) {
String[] split = protocolHeaders.split(",");
for(int i=0;i<split.length;i++) {
if(split[i].trim().equalsIgnoreCase("https")) {
return delegate.call(context);
}
}
}
I upgrading Play is an option, with Play 2.3 https detection is automatic, the header class has a built in secure() method which detects SSL and handle reverse proxied SSL as well.
https://www.playframework.com/documentation/2.3.x/api/java/play/mvc/Http.RequestHeader.html#secure()
I used an Action which I annotated my controllers (or base controllers) with.
public class SslEnforcerAction extends play.mvc.Action<SslEnforced> {
@Override
public Promise<SimpleResult> call(Context context) throws Throwable {
Logger.info("Running ssl enforcer");
String sslEnabled = Play.application().configuration().getString("app.ssl.enabled");
if(!StringUtils.equals(sslEnabled, "true")) {
return delegate.call(context);
}
Logger.info("X-Forwarded-Proto : {}", context.request().getHeader("X-Forwarded-Proto"));
String protocolHeaders = context.request().getHeader("X-Forwarded-Proto");
if(protocolHeaders != null) {
String[] split = protocolHeaders.split(",");
for(int i=0;i<split.length;i++) {
if(split[i].trim().equalsIgnoreCase("https")) {
return delegate.call(context);
}
}
}
Controller.flash("success", "For your security we've switched to SSL");
String target = "";
if(configuration.response() == SslEnforcedResponse.SELF) {
target = "https://" + context.request().host() + context.request().uri();
}
else {
target = controllers.my.dashboard.routes.DashboardController.index().absoluteURL(true, context._requestHeader());
}
//if we are here then ssl is enabled and the request wasn't ssl, so reject them
return Promise.pure(Controller.redirect(target));
}
}
/** allow controllers to send insure requests to themselves to dashboard */
public enum SslEnforcedResponse {
SELF,
DASHBOARD
}
@With(SslEnforcerAction.class)
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface SslEnforced {
SslEnforcedResponse response() default SslEnforcedResponse.SELF;
}
@SslEnforced
public class Application extends Controller {
....
}
For those of us who run Play 2.5 and keep landing on this page 4 years later:
In build.sbt add:
libraryDependencies += "com.github.enalmada" %% "play-https-redirect" % "1.0.2"
Create a Filters.java file inside the app/ folder. The following example redirects and also zips the response, you can delete the Gzip bits if you need:
import com.github.enalmada.filters.HttpsRedirectFilter;
import play.filters.gzip.GzipFilter;
import play.http.HttpFilters;
import play.mvc.EssentialFilter;
import javax.inject.Inject;
public class Filters implements HttpFilters {
private EssentialFilter[] filters;
@Inject
public Filters(GzipFilter gzipFilter, HttpsRedirectFilter httpsRedirectFilter) {
filters = new EssentialFilter[] { gzipFilter.asJava(), httpsRedirectFilter.asJava()};
}
public EssentialFilter[] filters() {
return filters;
}
}
In application.conf, root level, add:
httpsRedirect {
enabled=true
modes=["Prod", "Dev"]
excluded=["/url-to-exclude"]
hsts {
enabled=true
maxAge=31536000
preload = true
includeSubDomains = true
}
}
play.filters.enabled += play.filters.https.RedirectHttpsFilter
Download play-https-redirect example project and see it working in your localhost.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With