How can I know if the request to the servlet was executed using HTTP or HTTPS?

java https ssl servlets http-protocols

Solution 1:

HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:

  • If the ServletContainer can itself accept requests on https.
  • If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.

The Container should also make this request attributes available when the request is received on https:

  • javax.servlet.http.sslsessionid
  • javax.servlet.request.key_size
  • javax.servlet.request.X509Certificate

Solution 2:

You can't reliably depend on port numbers.
But you can depend on the scheme:

Use: request.getScheme() to see if it is https.

If it is then it is secure connection.

I believe this should work regardless of Tomcat version

Solution 3:

isSecure. Be sure to check the inherited methods.

Related

Determining duplicate values in an array
Post values from a multiple select
Understanding the results of Execute Explain Plan in Oracle SQL Developer
Making a Windows shortcut start relative to where the folder is?
Regex to extract substring, returning 2 results for some reason
What are the differences between stateless and stateful systems, and how do they impact parallelism?
JSHint "Possible strict violation." when using `bind`
How to configure different dockerfile for development and production
Why do you need to recompile C/C++ for each OS? [duplicate]
What are good rules of thumb for Python imports?
JPA entity without id
How do I get help messages to appear for my Powershell script parameters?