我在 web.xml 中有一个带有安全约束的 servlet,如下所示:
I have an servlet with security constraint in it's web.xml like below:
<security-constraint> <web-resource-collection> <web-resource-name>Admin</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>以上强制切换到 https 协议并且工作正常.但是在受保护的页面上有一些指向不安全页面的相对链接.当用户点击它们时,它们是通过 https 打开的,我想避免这种情况.将相对链接转换为绝对链接不是一种选择.Servlet 规范没有提供强制不安全连接的方法,所以我将实现一个过滤器,将用户重定向到 http:
Above forces a switch to https protocol and works fine. But on the secured pages there some relative links to unsecured pages. When users clicks on them they're opened via https which I want to avoid. Converting relative links to absolute is not an option. Servlet spec does not provide means of forcing unsecured connection so I'm going to implement a filter which would redirect user to http:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if(!isSubjectToAuthConstraint(request)) { // Check protocol and redirect to http if https // .... } else { // Do nothing, managed by servlet spec filterChain.doFilter(request, response); } }所以我需要知道请求是否受到安全约束.我如何以编程方式知道它?有可能吗?
So I need to know whether request is under security constraint or not. How do I know it programmatically? Is it possible at all?
推荐答案嘿,正常情况下 https 端口是 443.通过在浏览器中输入 www.example:443/welcome.html 浏览器将其扩展为 www.example/welcome.html
Hy, in normal case the https port is 443. By entering in the browser www.example:443/welcome.html the browser extends it to www.example/welcome.html
也许这就是您所需要的:
Maybe this is what you need:
String serverAddress = ""; String serverName = request.getServerName( ); String serverPort = "" + request.getServerPort( ); if( request.isSecure( ) ) { serverAddress = "" + serverName + ":" + serverPort; } else { serverAddress = "" + serverName + ":" + serverPort; }更多推荐
我如何知道 HttpServletRequest 是否受 <security
发布评论