在java servlet中从http重定向到https并返回http
有一堆链接在没有 https 的情况下访问我的 servlet
由于 servlet 是通用形式,并且 http url 是使用随机 id 生成的,因此很难使用 modrewrite 或类似的东西。
因此我用这样的代码修改了我的 servlet:
//redirect to https
String sec = servletRequest.getParameter("Sec");
String qString = servletRequest.getQueryString();
if (StringUtils.isEmpty(sec)){
try {
HttpServletResponse rsp = request.getServletResponse(true);
String PORTAL_URL = l_aliasHelper.getPath(request);
rsp.sendRedirect("https://"+servletRequest.getServerName() +PORTAL_URL+"?" +qString+"&Sec=yes");
} catch (Exception e) {
e.printStackTrace();
}
}
现在工作正常了!
但是,如果我想返回 http,因为我想避免有关其他页面上不安全元素的烦人警告,该怎么办?
那么,在用户提交表单后,如何再次重定向到 http?
如果一切正常,用户将在他启动的同一 URL 下显示一条包含成功消息的响应。
So the cycle goes like this:
http://<somedomain>/<anypath>?<anyid>
https://<somedomain>/<anypath>?<anyid>&Sec=yes
and now it should go back maybe with a step inbetween to
http://<somedomain>/<anypath>?<anyid> <- the success message should be
displayed here
显示消息之前的最后一个方法是
sucessmessage.render(request,response)
请求和响应都是所有请求/响应相关事务的应用程序服务器组件特定视图。他们有这样的方法:
获取ServletResponse
public HttpServletResponse getServletResponse(布尔应答)
获取原始 servlet 响应。注意:这应该被访问仅在特殊情况下。如果该参数设置为 true all 将跳过运行时的进一步内容处理。这是 仅当请求是从基于 servlet 的发起时才可用 连接。
那么如何才能以安全提交表单的方式操作响应,但用户之后可以在网站的其余部分继续使用 http。
there are a bunch of links accessing my servlet without https
As the servlet is a generic form and the http urls are generated with an random id it is difficult to use modrewrite or something like that.
Therefore I modified my servlet with code like that:
//redirect to https
String sec = servletRequest.getParameter("Sec");
String qString = servletRequest.getQueryString();
if (StringUtils.isEmpty(sec)){
try {
HttpServletResponse rsp = request.getServletResponse(true);
String PORTAL_URL = l_aliasHelper.getPath(request);
rsp.sendRedirect("https://"+servletRequest.getServerName() +PORTAL_URL+"?" +qString+"&Sec=yes");
} catch (Exception e) {
e.printStackTrace();
}
}
Now this works fine!
But, what if I want back to http because I want to avoid nagging warnings about insecure elements on other pages.
So how do I redirect to http again after the user has submitted the form?
If everything worked well the user gets displayed a response with a success message under the same URL he started.
So the cycle goes like this:
http://<somedomain>/<anypath>?<anyid>
https://<somedomain>/<anypath>?<anyid>&Sec=yes
and now it should go back maybe with a step inbetween to
http://<somedomain>/<anypath>?<anyid> <- the success message should be
displayed here
the last method before the message is displayed is
sucessmessage.render(request,response)
request and response are both appserver component specific views on all request / response related matters. They have methods like:
getServletResponse
public HttpServletResponse getServletResponse(boolean answering)
Gets the original servlet response. Note: This should be accessedin extraordinary cases only. If the parameter is set to true all
further content procession of the runtime will be skipped. This is
only available, if the request was initiated from a servlet based
connection.
So how can the response be manipulated in a way that the form is submitted secure, but the user can go on with http on the rest of the site afterwards.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看起来你试图在一个地方做太多事情。也许下面的分解会更容易:
确保对您的表单操作的请求确实已收到
https。这也可以在您的操作 Servlet 中,但将其设为过滤器意味着您可以重用它。只需确保安全 servlet 具有此过滤器集即可。
通过 http 的成功页面
It seems like you are trying to do too much in one place. Maybe the following break down will be easier:
ServletRequest.isSecure()tomake sure that requests to your form action actually came in over
https. This could also be in your action servlet, but making it a filter means you can reuse it. Just make sure the secure servlets have this filter set.
success page over http