java Http 到 https 重定向
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6991640/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Http to https redirection
提问by Srinivas
We have a Website that can be accessed with both http and https
我们有一个可以使用 http 和 https 访问的网站
We need all the pages to be accessed with http which is working fine but when users logged into the Site we need all the pages that had authenticated need to display with https
我们需要使用 http 访问所有页面,这工作正常,但是当用户登录站点时,我们需要所有经过身份验证的页面都需要使用 https 显示
Please let us know what is the easiest way to achieve this
请让我们知道实现这一目标的最简单方法是什么
Thanks Srinivas
谢谢斯里尼瓦斯
回答by Maurice Perry
You could use a filter:
您可以使用过滤器:
public class MyFilter implements Filter {
private FilterConfig conf;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
if (req.getRemoteUser() != null && req.getScheme().equals("http")) {
String url = "https://" + req.getServerName()
+ req.getContextPath() + req.getServletPath();
if (req.getPathInfo() != null) {
url += req.getPathInfo();
}
resp.sendRedirect(url);
} else {
chain.doFilter(request, response);
}
}
public FilterConfig getFilterConfig() {
return conf;
}
public void setFilterConfig(FilterConfig filterConfig) {
conf = filterConfig;
}
public void destroy() {
}
public void init(FilterConfig filterConfig) {
conf = filterConfig;
}
}
回答by F. P. Freely
Here's my Scala solution on Jetty (I'm using Jetty standalone, no WAR).
这是我在 Jetty 上的 Scala 解决方案(我使用独立的 Jetty,没有 WAR)。
class RedirectHandler extends ContextHandler {
override def doHandle(target: String, baseRequest: Request,
request: HttpServletRequest, response: HttpServletResponse): Unit = {
if ("http" == request.getScheme.toLowerCase) {
baseRequest setHandled true
response sendRedirect s"https://${request.getServerName}${request.getContextPath}"
}
}
}
Add a connector to the server on ports 80, 8080, &c. Add this handler to the front of the chain of handlers.
在端口 80、8080 和 c 上向服务器添加连接器。将此处理程序添加到处理程序链的前面。
回答by n0rm1e
You can achieve this easily with Apache.
您可以使用 Apache 轻松实现这一点。
Assuming you have got the user contents nested in 'protected' path, this will forward every request starting with '/protected' to your HTTPS host:
假设您将用户内容嵌套在“受保护”路径中,这会将每个以“/受保护”开头的请求转发到您的 HTTPS 主机:
# HTTP redirect configuration
<VirtualHost *:80>
RewriteEngine on
RewriteRule ^/protected/ https://hostname/ [R]
</VirtualHost>
using this approach the rest of URI will be lost and users should navigate again to where they want to go.
使用这种方法,URI 的其余部分将丢失,用户应该再次导航到他们想去的地方。
回答by JercSi
Check if user is logged in, then check if connection is HTTPS.
检查用户是否登录,然后检查连接是否为HTTPS。
if (checkIfUserIsLoggedIn) {
$val = ((@$_SERVER['SERVER_PORT_SECURE'] == 1) || (@$_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
if ($val == 'http://') {
// reload page if it not https
header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
}
}
回答by Jordan
With magic.
用魔法。
Just kidding.
只是在开玩笑。
You have some sort of routine that runs on every page that checks whether a user is logged in, correct? Well, just add some logic in that routine that also checks the current URL and redirects to the https version if you're not already at it.
你有某种程序运行在每个页面上,检查用户是否登录,对吗?好吧,只需在该例程中添加一些逻辑,它还会检查当前 URL 并重定向到 https 版本(如果您还没有这样做的话)。
if current url is not https:
redirect to replace(current url, 'http://', 'https://')
