开发者

Http to https redirection [closed]

问答 作者:
Closed. This question needs to be more focused. It is not currently accepting answers.

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 7 years ago.

Improve this question

We have a Website that can be accessed with both http and https

We need all the pages to be accessed with http which is working fine but when users logged into the Site we need all the pages that had authenticated need to display with https

Please let us know what i开发者_Python百科s the easiest way to achieve this

Thanks Srinivas

You could use a filter:

public class MyFilter implements Filter {
    private FilterConfig conf;

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        if (req.getRemoteUser() != null && req.getScheme().equals("http")) {
            String url = "https://" + req.getServerName()
                    + req.getContextPath() + req.getServletPath();
            if (req.getPathInfo() != null) {
                url += req.getPathInfo();
            }
            resp.sendRedirect(url);
        } else {
            chain.doFilter(request, response);
        }
    }

    public FilterConfig getFilterConfig() {
        return conf;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        conf = filterConfig;
    }

    public void destroy() {        
    }

    public void init(FilterConfig filterConfig) {
        conf = filterConfig;
    }
}

Here's my Scala solution on Jetty (I'm using Jetty standalone, no WAR).

class RedirectHandler extends ContextHandler {
  override def doHandle(target: String, baseRequest: Request,
      request: HttpServletRequest, response: HttpServletResponse): Unit = {
    if ("http" == request.getScheme.toLowerCase) {
      baseRequest setHandled true
      response sendRedirect s"https://${request.getServerName}${request.getContextPath}"
    }
  }
}

Add a connector to the server on ports 80, 8080, &c. Add this handler to the front of the chain of handlers.

You can achieve this easily with Apache.

Assuming you have got the user contents nested in 'protected' path, this will forward every request starting with '/protected' to your HTTPS host:

# HTTP redirect configuration
<VirtualHost *:80>
    RewriteEngine on
    RewriteRule ^/protected/ https://hostname/ [R]
</VirtualHost>

using this approach the rest of URI will be lost and users should navigate again to where they want to go.

Check if user is logged in, then check if connection is HTTPS.

 if (checkIfUserIsLoggedIn) {
   $val = ((@$_SERVER['SERVER_PORT_SECURE'] == 1) || (@$_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
   if ($val == 'http://') {
    // reload page if it not https
    header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
   }
}

With magic.

Just kidding.

You have some sort of routine that runs on every page that checks whether a user is logged in, correct? Well, just add some logic in that routine that also checks the current URL and redirects to the https version if you're not already at it.

if current url is not https:
    redirect to replace(current url, 'http://', 'https://')

继续阅读:http

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9