How to automatically redirect http to https in a Java Web application?
1. What is Https?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP (a protocol that transmits data between your browser and your website). The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
Now, the HTTPS is being encouraged to be used. The websites using the HTTPS also get higher priority in the searching machine of Google.
2. Redirect http to https
For example, you have a website active with HTTP protocol. It is assumed that you have successfully installed HTTPS for your website, but the sites found by users on Google are still links using the HTTP protocol, therefore, you need to do something so that when the user accesses these links, it will automatically redirect to the HTTPS.
- http://example.com/somepage ==> https://example.com/somepage
For the Java Web applications, the automatical redirection of http to https is quite simple. You need some configurations in the web.xml file:
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>My Web App</display-name>
<!-- .... -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SessionTest</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- .... -->
</web-app>Pack and redeloy your application onto the Web Server. That's all!
Note: If your application doesn't have web.xml file, you can create it and put it into WEB-INF folder.
For the links that do not need security and want to automatically be redirected to the HTTPS, you also can configure them in web.xml.
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>My Web App</display-name>
<!-- .... -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SessionTest</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-SecureResource</web-resource-name>
<url-pattern>/test.jsp</url-pattern>
<url-pattern>/somepath/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- .... -->
</web-app>Java Servlet/Jsp Tutorials
- Install Tomcat Server for Eclipse
- Install Glassfish Web Server on Windows
- Run Maven Java Web Application in Tomcat Maven Plugin
- Run Maven Java Web Application in Jetty Maven Plugin
- Run background task in Java Servlet Application
- Java Servlet Tutorial for Beginners
- Java Servlet Filter Tutorial with Examples
- Java JSP Tutorial for Beginners
- Java JSP Standard Tag Library (JSTL) Tutorial with Examples
- Install Web Tools Platform for Eclipse
- Create a simple Login application and secure pages with Java Servlet Filter
- Create a Simple Java Web Application Using Servlet, JSP and JDBC
- Uploading and downloading files stored to hard drive with Java Servlet
- Upload and download files from Database using Java Servlet
- Displaying Image from Database with Java Servlet
- Redirect 301 Permanent redirect in Java Servlet
- How to automatically redirect http to https in a Java Web application?
- Use Google reCAPTCHA in Java Web Application
Show More