tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Shevland" <shevla...@kpi.com.au>
Subject RE: How to tell if request came via HTTPS?
Date Mon, 09 Oct 2000 22:20:30 GMT
Aah, getScheme() was what I was thinking about... but I believe in Tomcat
3.1 this may not correctly return HTTPS... fixed in 3.2b(something) as far
as I recall.

Cheers,
Joe

>
> James,
>
> The Tomcat implementation for isSecure() looks like this:
>
> public boolean isSecure() {
> 	// The adapter is responsible for providing this information
>         return getScheme().equalsIgnoreCase("HTTPS");
> }
>
> Since getScheme() is in the 2.1 API (part of ServletRequest), how about
> using that (like above)?
>
> Haven't tried it - just a thought...hope it helps...
>
> - Jason
>
>
> > -----Original Message-----
> > From: James House [mailto:james.house@medibuy.com]
> > Sent: Monday, October 09, 2000 4:51 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: RE: How to tell if request came via HTTPS?
> >
> >
> >
> > getProtocol() just specifies HTTP (or FTP, etc. if it's a
> > different kind of
> > (the top-level protocol, not whether or not SSL was used beneath it).
> >
> > getAuthType() is related to the authentication scheme used:
> > HTTP has schemes
> > for users to login/out (send usernames and passwords) to the
> > webserver --
> > perhaps you've visited sites that cause the browser to
> > 'popup' a user login
> > dialog? -- anyway, this doesn't have to do with HTTPS.
> >
> > Thanks for the attempted help!
> >
> > Does anyone else have a suggestion?
> >
> > James
> >
> > -----Original Message-----
> > From: Wes Mckean [mailto:WMckean@us-south.net]
> > Sent: Monday, October 09, 2000 3:44 PM
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: RE: How to tell if request came via HTTPS?
> >
> >
> > How about getAuthType() or getProtocol()?
> >
> > Don't worry about Charlie.  He thinks this is a user group,
> > where flames are
> > the norm.  Try it and see, because I would like to know as well.
> >
> > Wes
> >
> > -----Original Message-----
> > From: James House [mailto:james.house@medibuy.com]
> > Sent: Monday, October 09, 2000 5:33 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: RE: How to tell if request came via HTTPS?
> >
> >
> >
> > Boy, you're friendly.
> >
> > I simply forgot to mention that I'm writing against the 2.1 spec.
> >
> > Does anyone (courteous) know if there's a way to do this in
> > the 2.1 spec?
> >
> >
> > -----Original Message-----
> > From: forsythe@bart.netvoice.net [mailto:forsythe@bart.netvoice.net]On
> > Behalf Of Charles Forsythe
> > Sent: Monday, October 09, 2000 3:21 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: How to tell if request came via HTTPS?
> >
> >
> > James House wrote:
> > > Can someone tell me if there is a way to determine whether or not a
> > > request came in via HTTPS rather than HTTP?
> >
> > The Request object has a method called isSecure().  Guess
> > what it does.
> >
> > I'm not sure that someone too stupid to read the basic
> > documentation of
> > the API he's trying to program should be trusted writing a secure
> > application, but that's your employer's problem.
> >
> > -- Charles
> >
>


Mime
View raw message