0

in fact, i got the method for redirect http to https ,as I add a filter in web.xml. such as,

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/xxx/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

in this case, I can make the urls like /xxx/* to be requested in https mode. There are some others urls like /yyy/* which must be requested in http mode, so how can I do that ?

Scott C Wilson
  • 19,102
  • 10
  • 61
  • 83
user1667811
  • 1
  • 2

1 Answers1

4

In the resin-web.xml, you can use the Resin rewrite tags to redirect to a different URL and check for conditions like IfSecure.

For example, your WEB-INF/resin-web.xml might look like

<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:Redirect regexp="^/xxx/" target="https://myhost.com/xxx/">
    <resin:IfSecure value="false"/>
  </resin:Redirect>

  <resin:Redirect regexp="^/yyy/" target="http://myhost.com/yyy/">
    <resin:IfSecure value="true"/>
  </resin:Redirect>

</web-app>

The first matches on your /xxx, and checks if it's an SSL connection. If isn't an SSL connection, it redirects to the https for the host. Otherwise the rule is ignored.

The second matches on your /yyy, and checks if it's an SSL connection. If it is an SSL connection, it redirects to the http for your host. Otherwise the rule is ignored.

Scott Ferguson
  • 141
  • 1