开发者

Http to https redirection [closed]

开发者 https://www.devze.com 2023-03-26 15:59 出处:网络
Closed. This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this po
Closed. This question needs to be more focused. It is not currently accepting answers.

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 7 years ago.

Improve this question

We have a Website that can be accessed with both http and https

We need all the pages to be accessed with http which is working fine but when users logged into the Site we need all the pages that had authenticated need to display with https

Please let us know what i开发者_Python百科s the easiest way to achieve this

Thanks Srinivas


You could use a filter:

public class MyFilter implements Filter {
    private FilterConfig conf;

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        if (req.getRemoteUser() != null && req.getScheme().equals("http")) {
            String url = "https://" + req.getServerName()
                    + req.getContextPath() + req.getServletPath();
            if (req.getPathInfo() != null) {
                url += req.getPathInfo();
            }
            resp.sendRedirect(url);
        } else {
            chain.doFilter(request, response);
        }
    }

    public FilterConfig getFilterConfig() {
        return conf;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        conf = filterConfig;
    }

    public void destroy() {        
    }

    public void init(FilterConfig filterConfig) {
        conf = filterConfig;
    }
}


Here's my Scala solution on Jetty (I'm using Jetty standalone, no WAR).

class RedirectHandler extends ContextHandler {
  override def doHandle(target: String, baseRequest: Request,
      request: HttpServletRequest, response: HttpServletResponse): Unit = {
    if ("http" == request.getScheme.toLowerCase) {
      baseRequest setHandled true
      response sendRedirect s"https://${request.getServerName}${request.getContextPath}"
    }
  }
}

Add a connector to the server on ports 80, 8080, &c. Add this handler to the front of the chain of handlers.


You can achieve this easily with Apache.

Assuming you have got the user contents nested in 'protected' path, this will forward every request starting with '/protected' to your HTTPS host:

# HTTP redirect configuration
<VirtualHost *:80>
    RewriteEngine on
    RewriteRule ^/protected/ https://hostname/ [R]
</VirtualHost>

using this approach the rest of URI will be lost and users should navigate again to where they want to go.


Check if user is logged in, then check if connection is HTTPS.

 if (checkIfUserIsLoggedIn) {
   $val = ((@$_SERVER['SERVER_PORT_SECURE'] == 1) || (@$_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
   if ($val == 'http://') {
    // reload page if it not https
    header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
   }
}


With magic.

Just kidding.

You have some sort of routine that runs on every page that checks whether a user is logged in, correct? Well, just add some logic in that routine that also checks the current URL and redirects to the https version if you're not already at it.

if current url is not https:
    redirect to replace(current url, 'http://', 'https://')
0

精彩评论

暂无评论...
验证码 换一张
取 消