You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by James House <ja...@medibuy.com> on 2000/10/09 23:09:49 UTC

How to tell if request came via HTTPS?

Can someone tell me if there is a way to determine whether or not a request
came in via HTTPS rather than HTTP?

If I try request.getProtocol() it returns "HTTP/1.0" regardless of whether
HTTP or HTTPS was used.

What I'm really trying to do is:

if( <request came via HTTPS> )
	response.sendRedirect("https://some.url");
else
	response.sendRedirect("http://some.url");


Does anyone know what I should put in for the <request came via HTTPS> test?

(if I just do a sendRedirect with a relative path, then it always redirects
to HTTP even if the request was HTTPS)

Thanks,
James

Re: How to tell if request came via HTTPS?

Posted by Charles Forsythe <fo...@netvoice.net>.

James House wrote:
> Can someone tell me if there is a way to determine whether or not a 
> request came in via HTTPS rather than HTTP?

The Request object has a method called isSecure().  Guess what it does.

I'm not sure that someone too stupid to read the basic documentation of
the API he's trying to program should be trusted writing a secure
application, but that's your employer's problem.

-- Charles

RE: How to tell if request came via HTTPS?

Posted by Sherif Saleh <ss...@cfl.rr.com>.

Does anyone know how to unsubscribe from this list?
Thank You

-----Original Message-----
From: James House [mailto:james.house@medibuy.com]
Sent: Monday, October 09, 2000 5:10 PM
To: tomcat-user@jakarta.apache.org
Subject: How to tell if request came via HTTPS?

Can someone tell me if there is a way to determine whether or not a request
came in via HTTPS rather than HTTP?

If I try request.getProtocol() it returns "HTTP/1.0" regardless of whether
HTTP or HTTPS was used.

What I'm really trying to do is:

if( <request came via HTTPS> )
	response.sendRedirect("https://some.url");
else
	response.sendRedirect("http://some.url");

Does anyone know what I should put in for the <request came via HTTPS> test?

(if I just do a sendRedirect with a relative path, then it always redirects
to HTTP even if the request was HTTPS)

Thanks,
James