PatTheGamer

Reputation: 491

redirect to SSL only if enabled in jsp

I have been trying to find a way of easily telling if a Java Server has SSL enabled from JSP to redirect a single page. My reasoning for this is that I only want to forward to SSL if it is enabled making it easy to test in our local dev systems without having to set up the certificates and then deploy to our release system and have the certificates just "work."

I have looked at attempting to create a SslSocketFactory and seeing if it works without an exception being thrown, but this doesn't appear to work as I thought. I do not particularly like this method, however, since I have to spend the time creating the factory only to throw it away. I'm really just looking for a public boolean isSslEnabled() method call that I can use.

Currently what we have is that the default state is to not use HTTPS, but when on the release system you can access the site via HTTPS. This isn't ideal since a user could still access the site over HTTP and everything would then be sent in the clear. I'm also not looking to encrypt the whole server, just a single page if SSL is enabled.

Upvotes: 0

Views: 528

Answers (2)

PatTheGamer

Reputation: 491

What I ended up doing was moving all the SSL redirect/enforcement into Apache instead of worrying about it in Tomcat. I am running Tomcat behind Apache and it seems that this was the best solution in order to get the forced SSL. I used the mod_rewrite in Apache to enforce the rules and it appears to be working like a charm.

Upvotes: 0

Brad

Reputation: 15879

Your Java code shouldn't be concerned whether SSL is enabled or not. Try to leave this to configuration only.

If you have set up your SSL requirements inside your web.xml, then your developers can override their local web.xml for their local server requirements (e.g. Eclipse).

If you're concerned about SSL for your pre-production servers, it's best to create your own Certificate Authority and generate your own SSL certificates. This is so that you can deploy the exact same EAR or WAR to pre-prod and production environments. You don't want to fiddle with your deployment per environment.

Jboss SSL config

Tomcat SSL config

Upvotes: 2
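The web.xml approach described in the answer above, as an added example that is not part of the original posts: a Servlet-spec security constraint that requires HTTPS for one page only. The path `/account/login.jsp` and the resource name are assumptions chosen for illustration.

```xml
<!-- WEB-INF/web.xml on the release system: require HTTPS for a single page.
     /account/login.jsp is an assumed path, not taken from the question. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTTPS-only page</web-resource-name>
    <url-pattern>/account/login.jsp</url-pattern>
  </web-resource-collection>
  <!-- No auth-constraint element: the page stays reachable by anonymous
       users; only the transport is restricted. -->
  <user-data-constraint>
    <!-- CONFIDENTIAL: the container will not serve this pattern over plain
         HTTP. Tomcat answers such a request with a redirect to the
         redirectPort configured on the HTTP connector. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Local development override: the developer's own web.xml carries the
     same block with transport-guarantee set to NONE, so no certificate
     has to be installed on the dev machine. -->
```

When TLS is terminated at a front-end web server rather than at the servlet container, the container must be told that the original request was secure (for example through the connector's `scheme` and `secure` attributes in Tomcat), otherwise a CONFIDENTIAL constraint can cause a redirect loop.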
