0

I have a Java web app running on Tomcat and am trying to perform a 302 redirection.

The problem is: original request URL uses HTTPS. I want the redirect URL to use HTTP instead:

response.setHeader("Location", "http://www.google.com");

For some reason, after checking the redirection packet with Wireshark, the 'Location' header has 'https://www.google.com' instead.

Is there any configuration I can change so Tomcat respects the protocol I set in the header?

kenorb
  • are you sure it's not google doing their OWN redirect to the https version? – Marc B Mar 13 '15 at 17:42
  • I actually only used google as an example - the same happens for a URL within my web app. I've also tried a site with no support for HTTPS. The problem is, even before my client accesses the URL, it is being changed to HTTPS – Filipe Castro Mar 13 '15 at 18:44

1 Answer

1

Does your web.xml have a security-constraint element, something similar to this?

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Web Pages</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

This will force your http requests to be https.
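
To check the answer's point against a real descriptor, the following added example (not code from the original post or from Tomcat) parses a web.xml and reports whether a given request path falls under a transport-guarantee other than NONE. The sample descriptor, the `/health` pattern and all function names are constructed for illustration, and the pattern matching is a simplified version of the servlet mapping rules that ignores http-method restrictions.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the post); the namespace is the usual
# Java EE default one, so tags must be compared by local name.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/health</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip "{namespace}" prefix if present

def transport_rules(web_xml):
    """Return [(url_pattern, transport_guarantee)] for each security-constraint."""
    rules = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantee, patterns = "NONE", []  # no user-data-constraint: no transport rule
        for el in sc.iter():
            if local(el.tag) == "transport-guarantee":
                guarantee = (el.text or "").strip().upper()
            elif local(el.tag) == "url-pattern":
                patterns.append((el.text or "").strip())
        rules += [(p, guarantee) for p in patterns]
    return rules

def match_rank(pattern, path):
    """Servlet mapping precedence: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def forces_https(web_xml, path):
    """True if every constraint on the best-matching pattern demands a secure transport."""
    ranked = [(match_rank(p, path), g) for p, g in transport_rules(web_xml)]
    ranked = [(r, g) for r, g in ranked if r is not None]
    if not ranked:
        return False
    best = max(r for r, _ in ranked)
    return all(g != "NONE" for r, g in ranked if r == best)
```

Pass the text of the deployed web.xml and a context-relative path to `forces_https` to see whether that path is covered by the constraint.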