Why does request.getRequestURL() return non-https url?


Solution 1

The HttpServletRequest#getRequestURL() contains the protocol, server name, port number and server path, i.e. it should contain https if the connection is actually secured and is under HTTP.

However, this is not the only way to determine if the connection is secured. The ServletRequest interface defines two more options (ServletRequest#getScheme() and ServletRequest#isSecure()) to detect if the request is secured or not:

String scheme = request.getScheme(); //will return "https" when connection is secured
//or
boolean isSecured = request.isSecure(); //will return true when connection is secured


Solution 2

This behavior can happen if you have a load-balancer in front of the application. Even though requests are made over HTTPS, the load-balancer will reissue them as plain HTTP requests, which produces this behavior.

One example is when using GAE (Google App Engine). You can use an HTTPS endpoint (https://my-app.appspot.com) but your app will continue to receive all requests in HTTP.

This was pointed out by @user3663882 in the comments of the approved answer.
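
A load balancer that terminates TLS usually reports the original scheme in a request header. The following is an added example, not code from the answers above: it assumes the de facto `X-Forwarded-Proto` header and hypothetical proxy addresses, and takes the values of `request.getRequestURL()`, `request.getRemoteAddr()` and `request.getHeader(...)` as plain strings so it runs without a servlet container.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class ExternalUrl {
    // Assumption: addresses of your own load balancers (constructed sample values).
    static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("10.0.0.5", "10.0.0.6"));

    /**
     * requestUrl:     request.getRequestURL().toString()
     * remoteAddr:     request.getRemoteAddr(), the direct TCP peer
     * forwardedProto: request.getHeader("X-Forwarded-Proto"), may be null
     */
    static String externalUrl(String requestUrl, String remoteAddr, String forwardedProto) {
        // Any client can send this header, so honour it only when the direct
        // peer is one of our own proxies. The proxy itself must overwrite,
        // not pass through, whatever value the client supplied.
        if (forwardedProto == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return requestUrl;
        }
        String proto = forwardedProto.trim().toLowerCase(Locale.ROOT);
        if (!proto.equals("https") && !proto.equals("http")) {
            return requestUrl; // unexpected value: keep what the container saw
        }
        int sep = requestUrl.indexOf("://");
        if (sep < 0) {
            return requestUrl;
        }
        // Only the scheme is swapped; an explicit backend port in the URL
        // would need deployment-specific mapping.
        return proto + requestUrl.substring(sep);
    }

    public static void main(String[] args) {
        String seen = "http://my-app.example/app/forgot.jsf"; // constructed sample URL
        // Forwarded by a trusted load balancer: scheme is restored.
        System.out.println(externalUrl(seen, "10.0.0.5", "https"));
        // Same header from an unknown peer: ignored, URL unchanged.
        System.out.println(externalUrl(seen, "203.0.113.9", "https"));
        // Trusted peer, no header: URL unchanged.
        System.out.println(externalUrl(seen, "10.0.0.5", null));
    }
}
```

Ignoring the header from untrusted peers matters wherever the scheme feeds a security decision, such as an HTTPS-only redirect or a link placed in a password-reset mail.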

Author by

user3663882

Updated on June 27, 2022

Comments

  • user3663882
    user3663882 about 2 years

    In one of our projects we still have to use JSF 1.2 + Tomcat 6, and the problem is that when I'm sending an https-request to the server and trying to get the requested URL in the managed bean as follows:

    ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
    HttpServletRequest request = (HttpServletRequest)context.getRequest();
    String url = request.getRequestURL().toString();
    

    The button that sends the request is just a submit-button that looks as follows:

    <h:form id="contactform">
        <h:commandButton id="submit" action="#{forgotPasswordBean.doSend}" />
    </h:form>
    

    I get an http-based URL instead of https. In the web-browser's debug panel I made sure that an https-request was actually sent, but the URL contained a link to just an http request. What's the problem, or is it just a bug?

  • user3663882
    user3663882 about 9 years
    Actually, the problem was that we have a load-balancer that sends a plain-http request.
  • Kukeltje
    Kukeltje over 6 years
    A good loadbalancer passes at least some additional http header that indicates it was a secure connection