I wrote a servlet in Java and I would like to know if the request to that servlet was executed using HTTP or HTTPS.
我在Java中编写了一个servlet,我想知道对于那个servlet的请求是使用HTTP还是HTTPS执行的。
I thought I can use request.getProtocol() but it returns HTTP/1.1 on both methods.
我认为我可以使用request.getProtocol(),但它在两个方法上都返回HTTP/1.1。
Any ideas?
什么好主意吗?
4 个解决方案
#1
87
HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:
HttpSerlvetRequest.isSecure答案是()。ServletContainer负责在以下情况下返回true:
- If the ServletContainer can itself accept requests on https.
- 如果ServletContainer本身可以接受https上的请求。
- If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.
- 如果在ServletContainer前面有一个负载均衡器。并且,LoadBlancer已经在https上获得了请求,并将请求发送到纯http上的ServletContainer。在这种情况下,LoadBalancer发送X-SSL-Secure: true header到ServletContainer,这应该是值得尊敬的。
The Container should also make this request attributes available when the request is received on https:
当在https上接收请求时,容器还应使此请求属性可用:
- javax.servlet.http.sslsessionid
- javax.servlet.http.sslsessionid
- javax.servlet.request.key_size
- javax.servlet.request.key_size
- javax.servlet.request.X509Certificate
- javax.servlet.request.X509Certificate
#2
24
You can't reliably depend on port numbers.
But you can depend on the scheme:
您不能可靠地依赖端口号。但你可以相信这个计划:
Use: request.getScheme() to see if it is https.
使用:request.getScheme()查看它是否为https。
If it is then it is secure connection.
如果是,那就是安全连接。
I believe this should work regardless of Tomcat version
我认为不管Tomcat版本如何,这都应该是可行的
#4
-3
https and http runs on different ports. So you can get the port from the request and know from which port the request came and so that you can know the protocol. int port=request.getServerPort();
https和http在不同的端口上运行。因此,您可以从请求中获取端口,并知道请求来自哪个端口,以便了解协议。int port = request.getServerPort();
#1
87
HttpSerlvetRequest.isSecure() is the answer. The ServletContainer is responsible for returning true in the following cases:
HttpSerlvetRequest.isSecure答案是()。ServletContainer负责在以下情况下返回true:
- If the ServletContainer can itself accept requests on https.
- 如果ServletContainer本身可以接受https上的请求。
- If there is a LoadBalancer in front of ServletContainer. And , the LoadBlancer has got the request on https and has dispatched the same to the ServletContainer on plain http. In this case, the LoadBalancer sends X-SSL-Secure : true header to the ServletContainer, which should be honored.
- 如果在ServletContainer前面有一个负载均衡器。并且,LoadBlancer已经在https上获得了请求,并将请求发送到纯http上的ServletContainer。在这种情况下,LoadBalancer发送X-SSL-Secure: true header到ServletContainer,这应该是值得尊敬的。
The Container should also make this request attributes available when the request is received on https:
当在https上接收请求时,容器还应使此请求属性可用:
- javax.servlet.http.sslsessionid
- javax.servlet.http.sslsessionid
- javax.servlet.request.key_size
- javax.servlet.request.key_size
- javax.servlet.request.X509Certificate
- javax.servlet.request.X509Certificate
#2
24
You can't reliably depend on port numbers.
But you can depend on the scheme:
您不能可靠地依赖端口号。但你可以相信这个计划:
Use: request.getScheme() to see if it is https.
使用:request.getScheme()查看它是否为https。
If it is then it is secure connection.
如果是,那就是安全连接。
I believe this should work regardless of Tomcat version
我认为不管Tomcat版本如何,这都应该是可行的
#3
#4
-3
https and http runs on different ports. So you can get the port from the request and know from which port the request came and so that you can know the protocol. int port=request.getServerPort();
https和http在不同的端口上运行。因此,您可以从请求中获取端口,并知道请求来自哪个端口,以便了解协议。int port = request.getServerPort();