o7planning

How to automatically redirect http to https in a Java Web application?

  1. What is Https?
  2. Redirect http to https

1. What is Https?

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP (a protocol that transmits data between your browser and your website). The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
The use of HTTPS is now widely encouraged. Websites served over HTTPS also get higher priority in Google's search engine.

2. Redirect http to https

For example, suppose your website has been running over the HTTP protocol and you have now successfully installed HTTPS for it. The links that users find on Google still use the HTTP protocol, so you need to make sure that when a user opens one of these links, it automatically redirects to HTTPS.
  • http://example.com/somepage ==> https://example.com/somepage
For Java web applications, automatically redirecting http to https is quite simple. You need some configuration in the web.xml file:
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
   version="3.0">
   <display-name>My Web App</display-name>

   <!-- .... -->

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>SessionTest</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

  <!-- .... -->

</web-app>
Package and redeploy your application to the web server. That's all!
Note: If your application doesn't have web.xml file, you can create it and put it into WEB-INF folder.
For links that do not need security and should not be automatically redirected to HTTPS, you can also configure them in web.xml.
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
   version="3.0">
   <display-name>My Web App</display-name>

   <!-- .... -->

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>SessionTest</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>
 
 
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Non-SecureResource</web-resource-name>
         <url-pattern>/test.jsp</url-pattern>
         <url-pattern>/somepath/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
   </security-constraint>


  <!-- .... -->

</web-app>
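The following Python script is an added example, not part of the original article: it reads the constraints from the second web.xml above and reports which request paths would still be served over plain HTTP. It assumes the Servlet specification's best-match rule for url-pattern and ignores http-method elements; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraints of the second web.xml on this page, condensed.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/test.jsp</url-pattern>
      <url-pattern>/somepath/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):  # drop the "{namespace}" prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def load_rules(xml_text):
    """Map each url-pattern to the set of transport guarantees declared for it."""
    rules = {}
    for sc in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "security-constraint"):
        tg = [e.text.strip() for e in sc.iter() if local(e.tag) == "transport-guarantee"]
        for e in (e for e in sc.iter() if local(e.tag) == "url-pattern"):
            rules.setdefault(e.text.strip(), set()).add(tg[0] if tg else "NONE")
    return rules

def rank(pattern, path):
    """Servlet best-match order: exact > longest prefix > extension > default; -1 = no match."""
    if pattern == path:
        return 10**6
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return 1000 + len(pattern)
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return 2
    return 1 if pattern == "/" else -1

def requires_https(path, rules):
    best = max(rules, key=lambda p: rank(p, path), default=None)
    if best is None or rank(best, path) < 0:
        return False  # no constraint applies: plain HTTP is served
    # Constraints sharing a pattern combine, so a NONE entry keeps HTTP allowed.
    return "NONE" not in rules[best]

if __name__ == "__main__":
    for p in ("/somepage", "/test.jsp", "/somepath/a", "/test.jsp.bak"):
        print(p, "HTTPS required" if requires_https(p, load_rules(WEB_XML)) else "plain HTTP allowed")
```

Running it against a real deployment descriptor before release shows exactly which paths are exempt from the redirect, so an overly broad NONE pattern is caught before it exposes pages that carry session cookies or form data.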