Table Of Content

How to automatically redirect http to https in a Java Web application?

View more categories:

1- What is Https?

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP (a protocol that transmits data between your browser and your website). The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
Now, the  HTTPS is being encouraged to be used. The websites using the  HTTPS also get higher priority in the searching machine of  Google.

2- Redirect http to https

For example, you have a website active with HTTP protocol. It is assumed that you have successfully installed HTTPS for your website, but the sites found by users on Google are still links using the HTTP protocol, therefore, you need to do something so that when the user accesses these links, it will automatically redirect to the  HTTPS.
  • http://example.com/somepage ==> https://example.com/somepage
For the  Java Web applications, the automatical redirection of  http to  https is quite simple. You need some configurations in the  web.xml file:
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
   version="3.0">
   <display-name>My Web App</display-name>

   <!-- .... -->

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>SessionTest</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

  <!-- .... -->

</web-app>
Pack and redeloy your application onto the Web Server. That's all!
Note: If your application doesn't have  web.xml file, you can create it and put it into  WEB-INF folder .
For the links that do not need security and want to automatically be redirected to the  HTTPS, you also can  configure them in  web.xml.
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
   version="3.0">
   <display-name>My Web App</display-name>

   <!-- .... -->

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>SessionTest</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>
 
 
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Non-SecureResource</web-resource-name>
         <url-pattern>/test.jsp</url-pattern>
         <url-pattern>/somepath/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
   </security-constraint>


  <!-- .... -->

</web-app>

View more categories: